The NIKKOR Z 70-200mm f/2.8 VR S II Lens is Engineered for the Professional in Pursuit of Perfection

Posted in Commentary with tags on February 24, 2026 by itnerd

Nikon Canada has announced the NIKKOR Z 70-200mm f/2.8 VR S II, a premium-grade fast telephoto zoom lens for full-frame/FX format mirrorless cameras. This second-generation version of Nikon’s most popular pro-level fast telephoto zoom delivers improved optical performance, faster focusing, and a 26 per cent lighter weight than its first-generation predecessor. 

With a fast f/2.8 constant aperture and versatile focal range, the 70-200mm f/2.8 is well established as the essential lens for capturing sports, portraits, weddings, and more, with excellent low-light performance and naturally beautiful bokeh. This latest S-Line lens improves upon this classic recipe – specifically created for professional photographers and videographers who will not compromise on image quality and capability. 

This evolved 70-200mm f/2.8 employs Nikon’s Silky Swift VCM (SSVCM) autofocus drive system for highly precise, smooth, and quiet autofocus (AF) control when shooting. Autofocusing is approximately 3.5× faster, and AF tracking while zooming is approximately 40 per cent better than its well-regarded predecessor, enabling more accurate focusing on rapidly moving subjects like athletes, animals, and vehicles. The optical formula has been thoroughly revised, with a reduction in the number of lens elements and a more optimal placement of aspherical elements. Additionally, Super Extra-low Dispersion (ED) and aspherical ED elements have been adopted for chromatic aberration correction. This formula achieves both a lightweight design and the highest level of rendering performance. What’s more, the lens is exceptionally balanced and features an internal zoom design, making it ideal for gimbal use and comfortable for handheld shooting.

Features of the NIKKOR Z 70-200mm f/2.8 VR S II lens:

  • The NIKKOR Z 70-200mm f/2.8 VR S II has the lightest weight in its class (998 g), achieved by modifying the front lens group configuration and eliminating mechanical components in the moving lens groups. This makes the lens easy to carry and comfortable to use for extended shooting periods. Overall, the lens is 26 per cent lighter and 12 mm shorter than its predecessor.
  • The multi-focusing system now utilizes a Silky Swift VCM (SSVCM) to achieve extremely fast, precise, and quiet autofocus for both stills and video.
  • A revised optical formula uses six different types of lens elements – Super ED, aspherical ED, ED, aspherical, fluorite, and Short-wavelength Refractive (SR) – to effectively correct lens aberrations for clearer and more natural rendering. Additionally, the lens now features 11 rounded diaphragm blades for more natural, circular bokeh.
  • The lens adopts a Meso Amorphous Coat, which offers the best anti-reflection performance in Nikon history, and an ARNEO Coat which effectively suppresses ghosting and flares.
  • The minimum focus distance is 0.38 m (wide) and 0.8 m (tele), with a maximum reproduction ratio of 0.3× (wide) / 0.25× (tele), letting users get closer to their subjects than ever before.
  • This is the first ever NIKKOR lens to support the use of Arca-Swiss tripod heads, for smoother tripod mounting and dismounting. A removable tripod collar ring enables smooth switching between portrait and landscape orientation, and a protective cover is included for comfortable hand-held shooting.
  • The lens offers superior strength and durability for worry-free shooting. The internal zoom mechanism, which maintains a constant lens length when zooming, enables stable operation and contributes to its superior dust- and drip-resistant performance. A fluorine coating on the front element further protects against dirt and smudges.
  • The control ring clicking switch allows users to enable or disable the tactile click for control ring operation, enabling smoother shooting.
  • 6.0-stop vibration reduction (VR) performance is accessible at the centre and edges of the frame when used with a camera that supports Synchro VR.
  • The included lens hood features a filter adjustment window that allows users to adjust circular polarizing and variable ND filters without removing the lens hood.
  • Compatibility with Z TELECONVERTER TC-1.4× or Z TELECONVERTER TC-2.0× enables more flexible shooting, even when capturing distant subjects.

Price and Availability

The new NIKKOR Z 70-200mm f/2.8 VR S II lens will be available in late March 2026 for a manufacturer’s suggested retail price (MSRP) of $4,199.95.

For more information about the latest Nikon products, including the vast collection of NIKKOR Z lenses and the entire line of Z series cameras, please visit www.nikon.ca.

BforeAI Threat Report: Commercial Airline Industry Sees Sustained Scam and Impersonation Activity in 2026 

Posted in Commentary with tags on February 24, 2026 by itnerd

BforeAI has some extensive research looking into scams and impersonation attacks leveraging the commercial airline industry. While the data set primarily covers Q4 of 2025, the activity and TTPs associated with these types of threats are not slowing down.

PreCrime™ Labs, the research division of BforeAI, observed a total of 1,799 suspicious domains between September and December of 2025, targeting over 35 global airline brands. In the midst of the 2025 end-of-year holiday rush into the beginning-of-the-year annual travel planning season of 2026, the PreCrime Labs team analyzed a large set of threat data related to airlines. There was a much higher concentration of generic keywords, numbering close to 10,000, that focused on search terms such as “airline”, “flight”, “charter”, “airfare”, and “private jet”.

These domains demonstrate a consistent pattern of generalized phishing, attracting broader customer interest than merely focusing on a single airline company. The total count of suspicious domains targeting the airline industry surpasses 11,600 domains. The observed activity spans across phishing, fake promotions, fraudulent investments, betting abuse, and reputational harm, indicating both opportunistic fraud and coordinated campaign-style abuse.

The link to the report is here: https://bfore.ai/report/commercial-airline-industry-scam-impersonation-activity-2026/

RAD Security and Carahsoft Partner to Bring AI-Driven Security Platform to the Public Sector

Posted in Commentary with tags on February 23, 2026 by itnerd

RAD Security and Carahsoft Technology today announced a partnership. Under the agreement, Carahsoft will serve as RAD Security’s Public Sector distributor, making the company’s AI-driven security platform available to the Public Sector through Carahsoft’s reseller partners and NASA Solutions for Enterprise-Wide Procurement (SEWP) V, Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Association of State Procurement Officials (NASPO) ValuePoint, The Interlocal Purchasing System (TIPS), OMNIA Partners, E&I Cooperative Services Contract and The Quilt contracts. 

RAD Security’s platform equips agencies with real-time visibility, essential context and automated response capabilities across complex cloud and hybrid environments. The company enables agencies to align with frameworks such as NIST, CIS and Federal Risk and Authorization Management Program (FedRAMP®). The RAD platform:

  • Verifies context to streamline investigations and help agencies prioritize credible threats.
  • Strengthens communication by translating complex findings into clear, actionable insights.
  • Provides searchable historical records to accelerate onboarding for new team members.
  • Preserves critical information to maintain context and decision history, enhancing operational resilience.
  • Ensures actions are traceable, reviewable and supported by evidence for informed decision-making.
  • Enables agencies to scale coverage and automation without increasing headcount.

RAD Security’s solutions are available through Carahsoft’s SEWP V contracts NNG15SC03B and NNG15SC27B, ITES-SW2 Contract W52P1J-20-D-0042, NASPO ValuePoint Master Agreement #AR2472, TIPS Contract #220105, OMNIA Partners Contract #R240303, E&I Contract #EI00063~2021MA and The Quilt Master Service Agreement Number MSA05012019-F. For more information, contact the Carahsoft Team at (844) 445-5688 or RADsecurity@carahsoft.com. Explore RAD Security’s solutions here.

Microsoft MFA May Be Down For Some Users

Posted in Commentary with tags on February 23, 2026 by itnerd

Microsoft is investigating reports of 504 Gateway Timeout errors impacting US-based Microsoft 365 users trying to access services that require Multi-Factor Authentication (MFA).

Darren James, Senior Product Manager at Specops Software, provided the following comments:

“This event highlights the importance of having a flexible MFA policy that doesn’t rely on a single second factor. Of course you do need to consider the relative strength of alternate authentication factors, for example an SMS OTP is certainly not as strong as a biometric authentication. However, a layered approach, such as using a trusted device that allows you to pin your users’ identities to the specific devices they use, along with making sure those devices meet your organization’s posture requirements, will give you the ultimate flexibility when it comes to balancing business security, business continuity and user experience.”

This is a good point, as most organizations’ MFA setups rely on only one second factor. Having multiple options makes something like this less of an issue, if not a non-issue. Thus this situation should be a lesson to make that move as soon as possible.

PayPal Pwned…. And They May Have Been Pwned For Months

Posted in Commentary with tags on February 23, 2026 by itnerd

PayPal recently disclosed a data breach that affected customers’ personal information and led to fraudulent transactions. Exposed information included names, email addresses, dates of birth, phone numbers, and business addresses combined with SSNs. What is more problematic is that according to this, this breach might have been a thing for about six months.

Ensar Seker, CISO at SOCRadar:

“This incident is a classic example of how “application logic flaws” can be just as damaging as external hacks. When sensitive financial workflows like loan applications are misconfigured, attackers don’t need sophisticated malware, they simply exploit business logic errors. The six-month exposure window is particularly concerning because it suggests monitoring and anomaly detection controls were either insufficient or not tuned to detect misuse at the application layer.

What stands out here is the downstream fraud. That means the exposed data was not just leaked, it was operationalized. Financial platforms must treat every internal workflow as an attack surface, especially those connected to credit, lending, and identity verification. Continuous validation, red-team testing of business processes, and behavioral fraud analytics are critical to prevent these quiet but highly monetizable exposures.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“This data breach exposes how a coding error in an online application can expose customers’ data to hackers. Unfortunately, the breach exposed valuable information about PayPal customers, including business details, including the Social Security Numbers of those affected. Affected customers should closely monitor their credit lines and accounts, especially staying alert for new accounts. Hopefully, PayPal will offer some type of assistance for these customers to assist them in keeping track of their credit and financial accounts.”

Now I have had a look at my PayPal account and I don’t see anything unusual. And I strongly suggest that anyone with a PayPal account do the same as given the length of time that this was out there, the possibility that you might have been affected exists.

Myriad360 Acquires Advizex Technologies to Form $900M Global AI and Enterprise Infrastructure Platform

Posted in Commentary with tags on February 23, 2026 by itnerd

Myriad360 today announced the acquisition of Advizex Technologies, a nationally recognized technology solutions provider with deep expertise in hybrid infrastructure, data engineering, AI platforms, and managed services.

As enterprise demand accelerates for AI-ready infrastructure, data platform modernization, and lifecycle managed services, this acquisition forms a scaled enterprise platform representing over $900 million in annual run-rate gross revenue. The integrated organization expands technical depth, geographic reach, and managed services capability across the full AI lifecycle, from AI-ready infrastructure and accelerated compute environments to data activation, platform integration, AI/ML operations, and long-term managed support.

Together, Myriad360 and Advizex bring highly complementary capabilities across infrastructure, cloud, data, artificial intelligence, security, and managed services. Advizex contributes strong enterprise relationships, managed services scale, and presence in markets where Myriad360 has limited footprint. Myriad360 adds differentiated strength in infrastructure integration, networking, data center deployment, cybersecurity, and AI-ready environments. The result is broader end-to-end capability delivered with continuity for existing client relationships.

The acquisition strengthens recurring revenue potential across managed services, cloud, and AI-driven environments, positioning the combined company to accelerate cross-selling, deepen enterprise engagement, and expand lifecycle service delivery. Client relationship ownership and go-to-market execution are expected to remain consistent throughout 2026 as a deliberate integration roadmap is developed.

Advizex will operate as Advizex, a Myriad360 company, as the organizations focus first on stability, revenue growth, and collaborative integration planning.

Terms of the transaction were not disclosed.

Potpie AI raises $2.2 million to make AI agents usable inside real-world engineering systems

Posted in Commentary with tags on February 23, 2026 by itnerd

Software teams are moving faster than ever, yet the systems they build and maintain were never designed for AI agents to operate inside them. Codebases span millions of lines, context is scattered across dozens of tools, and critical knowledge lives in the heads of a few senior engineers. Potpie was built to change that. Today, the company announced a $2.2 million pre-seed round to help engineering teams unify context across their entire stack and make AI agents genuinely useful in complex software environments.  

The round was led by Emergent Ventures with participation from All In Capital, DeVC and Point One Capital. The capital will be used to support early enterprise deployments, expand the engineering team, and continue building Potpie’s core context and agent infrastructure.

As generative AI adoption accelerates, most tools focus on surface-level code generation while ignoring the deeper problem of context. Large language models are powerful, but without access to system-level understanding, tooling history, and architectural intent, they struggle in real production environments. Traditional approaches rely on senior engineers to manually hold this context together, a model that breaks down at scale and fails entirely when AI agents are introduced.

Potpie addresses this by unifying context across the entire engineering stack and enabling spec driven development. It pulls in information from source code, tickets, logs, documentation, and reviews, links it together, and makes it usable by agents.

With Potpie, the spec becomes the source of truth. Agents plan the feature end to end first by turning requirements into a clear implementation plan, mapping dependencies and edge cases, and aligning tests and rollout steps before writing a single line of code. The principle is simple. An agent is only as effective as the information it can access and the tools it can use. Potpie focuses on both.

The platform enables teams to automate high-impact and non trivial use cases across the software development lifecycle, like debugging cross-service failures, maintaining and writing end-to-end tests, blast radius detection and system design.  It is designed for enterprise companies with large and complex codebases, starting at around one million lines of code and scaling to hundreds of millions. Rather than acting as another coding assistant, Potpie builds a graphical representation of software systems, infers behavior and patterns across modules, and creates structured artifacts that allow agents to operate consistently and safely.

Potpie also actively creates context as systems evolve. When pull requests are created, it can update documentation and tickets automatically. When tickets are opened, it can generate system designs. The platform automatically generates structured behavior definitions for each AI agent, outlining how they should operate within a specific codebase. At the same time, it builds a searchable, tagged index across APIs, services, databases, and components, narrowing the search space and significantly improving reliability.

The company was founded by Aditi Kothari and Dhiren Mathur, who began working on the problem in October 2023, at the start of the first wave of generative AI adoption. While much of the industry focused on knowledge workers, they saw that developers faced a fundamentally different challenge. Code is non-linear, deeply interconnected, and spread across large systems. They spent nearly two years building the foundational layer that understands codebases and creates the underlying knowledge graph, before launching Potpie publicly last year in January 2025.

Early deployments reflect the scale of the problem Potpie is addressing. One customer with a codebase exceeding 40 million lines reduced root cause analysis for production issues from nearly a week to around 30 minutes, with engineers acting as reviewers instead of investigators. Another customer maintaining decades-old systems used Potpie to update and generate tests in the background, compressing work that previously took multiple sprints into a much shorter cycle.

Potpie currently works with Fortune 500 and publicly listed companies in regulated industries, including healthcare and insurtech. Its open-source projects have surpassed 5,000 stars on GitHub, creating a strong magnet for enterprise adoption. 

Critical Infrastructure Operators Gain Secure Remote Access That Survives Network Disruptions

Posted in Commentary with tags on February 23, 2026 by itnerd

Xona Systems today announced Platform v5.5, a secure access solution designed to address the convergence of escalating threats, tightening regulatory requirements, and operational realities that legacy VPN and jump server architectures were never built to handle.

Critical infrastructure operators are navigating a fundamentally changed threat landscape in 2026. Nation-state actors are increasingly targeting industrial control systems through remote access vectors, while regulatory frameworks, including NERC CIP, IEC 62443, and TSA SD2, demand demonstrable governance over who accesses critical systems and under what conditions. At the same time, the operational reality of critical infrastructure (offshore platforms, rural substations, bandwidth-constrained sites) requires access solutions that maintain security and auditability even when network conditions degrade. Industry surveys¹ show remote access paths remain a primary driver of OT security incidents, yet many organizations still rely on VPN and jump server tools designed for stable IT networks, not operational technology environments.

Access That Survives Network Disruptions

Critical infrastructure often operates in conditions where traditional remote access tools fail: intermittent connectivity on offshore platforms, bandwidth constraints at rural substations, or air-gapped industrial facilities. Platform v5.5 introduces Session Hold and RDP Auto-Reconnect capabilities that maintain session continuity through network interruptions, allowing operators to continue critical work without losing progress or reauthenticating. This resilience eliminates the gap between security policy and operational reality that has long plagued OT environments, ensuring security controls don’t create incentives for operators to find workarounds during critical moments.

Critical infrastructure environments routinely operate under conditions that undermine assumptions embedded in traditional remote access architectures. Offshore platforms experience intermittent and high-latency connectivity, rural substations face persistent bandwidth constraints, and many industrial sites remain partially or fully air-gapped. In these contexts, conventional VPN- and session-based access tools—designed for stable enterprise IT networks—often fail to maintain session integrity during transient network disruptions, resulting in forced disconnects, loss of operational state, and repeated reauthentication.

Platform v5.5 addresses these constraints through the introduction of Session Hold and RDP Auto-Reconnect capabilities, which preserve session state across temporary connectivity loss without exposing underlying OT assets or expanding the attack surface. These mechanisms are complemented by configurable time synchronization services, enhanced CLI tooling for constrained or disconnected environments, and hardened FIPS-compliant cryptographic behavior to support diverse deployment and regulatory requirements.

By maintaining session continuity and operational context through network interruptions, operators are able to complete time-sensitive maintenance and response activities without restarting workflows or bypassing security controls. This resilience directly mitigates a long-standing tension in OT environments, where security mechanisms that impede operational continuity often incentivize informal workarounds during critical events. Aligning access security with real-world industrial operating conditions ensures that enforcement of security policy does not degrade availability, safety, or response effectiveness—particularly in high-risk, high-consequence scenarios.

Unified Governance Across Distributed Operations

Platform v5.5 expands the Xona Centralizer into a true single-pane-of-glass for secure access governance. Teams can now centrally manage connection and folder structures, session recordings and playback exports, real-time logs and bandwidth metrics, integration syncs with Forescout, Nozomi Networks, and other OT security platforms, and security policy settings that are enforced across all connected Xona Gateways. This full-spectrum visibility gives organizations the ability to scale secure access across global operations without scaling risk, complexity, or oversight burden. Rather than fragmented site-by-site management, teams gain a common, authoritative view that remains enforceable even when connectivity is unstable or bandwidth is constrained, ensuring access remains visible and accountable during the moments that matter most.

Built for How Critical Infrastructure Actually Operates

Platform v5.5 supports the workflows that define critical infrastructure operations. Users can now run multiple concurrent RDP, SSH, and Web sessions, switching between or collaborating across live troubleshooting efforts without interruption. An upgraded session transfer workflow enables secure handoffs between users during shift changes or escalation events, critical for 24/7 operations and remote OEM collaboration. Enhanced audit controls provide the visibility and evidence needed to demonstrate compliance without adding operational burden to security and engineering teams.

“In critical infrastructure, remote access is no longer just about getting connected, it’s about maintaining control under pressure,” said Raed Albuliwi, Chief Product Officer at Xona. “Access models that only work when networks are stable or environments are simple don’t hold up in critical infrastructure. Operators need governance that holds up in the field, not just on paper. That’s exactly what our next-generation access platform delivers.”

Market Traction

Deployed across more than 40 countries in energy, utilities, manufacturing, and maritime sectors, Xona has established itself as the secure access platform purpose-built for critical infrastructure.  Cybersecurity ecosystem partners such as Forescout and Radiflow are working with Xona to replace vulnerable legacy remote access infrastructure.

Availability

As threats, regulations, and operational complexity continue to converge, secure remote access has become one of the most scrutinized control points in critical infrastructure security. Xona Platform v5.5 represents a shift from access that only connects to access that governs, from tools that work in ideal conditions to infrastructure that holds up when it matters most.

Xona Platform v5.5 is available now. Organizations seeking to modernize critical infrastructure remote access can learn more at www.xonasystems.com or schedule a demo.

[1] SANS Institute 2025 survey, “SANS Institute 2025 survey finds OT cybersecurity incidents rising as ransomware and remote access risks grow,” Industrial Cyber, November 20, 2025. Available at: https://industrialcyber.co/news/sans-institute-2025-survey-finds-ot-cybersecurity-incidents-rising-as-ransomware-and-remote-access-risks-grow/


ESET Research discovers PromptSpy, the first Android threat to use generative AI

Posted in Commentary with tags on February 20, 2026 by itnerd

ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow to achieve persistence. It is the first time generative AI has been deployed in this manner. Because the attackers rely on prompting an AI model (specifically, Google’s Gemini) to guide malicious UI manipulation, ESET has named this family PromptSpy. The malware can capture lockscreen data, block uninstallation attempts, gather device info, take screenshots, record screen activity as video, and more.  This is the second AI-powered malware that ESET Research has discovered, following PromptLock in August 2025, the first known case of AI-driven ransomware.

Based on language localization clues and the distribution vectors observed during analysis, this campaign appears to be financially motivated and seems to primarily target users in Argentina. However, PromptSpy has not been observed in ESET telemetry yet, possibly making it a proof of concept.

While generative AI is deployed only in a relatively minor part of PromptSpy’s code — the one responsible for achieving persistence — it still has a significant impact on the malware’s adaptability. Specifically, Gemini is used to provide PromptSpy with step-by-step instructions on how to make the malicious app “locked”, i.e. pinned, in the recent apps list (often represented by a padlock icon in the multitasking view of many Android launchers), thus preventing it from being easily swiped away or killed by the system. The AI model and prompt are predefined in the code and cannot be changed. 

PromptSpy is distributed by a dedicated website and has never been available on Google Play. As an App Defense Alliance partner, ESET nevertheless shared the findings with Google. Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services.

With the app’s name being MorganArg and its icon seemingly inspired by Morgan Chase, the malware is likely impersonating the Morgan Chase bank. MorganArg, likely a shorthand for “Morgan Argentina”, also appears as the name of the cached website, suggesting a regional targeting focus.

Because PromptSpy blocks uninstallation by overlaying invisible elements on the screen, the only way for a victim to remove it is to reboot the device into Safe Mode, where third party apps are disabled and can be uninstalled normally. To enter Safe Mode, users should typically press and hold the power button, long press Power off, and confirm the Reboot to Safe Mode prompt (though the exact method may differ by device and manufacturer). Once the phone restarts in Safe Mode, the user can go to Settings → Apps → MorganArg and uninstall it without interference.

For a more detailed analysis of PromptSpy, check out the latest ESET Research blogpost “PromptSpy ushers in the era of Android threats using GenAI” on WeLiveSecurity.com.

The CISA Has Provided Two Warnings That You Should Pay Attention To

Posted in Commentary with tags on February 19, 2026 by itnerd

The CISA has given US government agencies three days to patch their systems against a maximum-severity hardcoded credential vulnerability (CVE-2026-22769) in Dell’s RecoverPoint solution, exploited by the UNC6201 Chinese hacking group since mid-2024: https://www.cisa.gov/news-events/alerts/2026/02/18/cisa-adds-two-known-exploited-vulnerabilities-catalog

Ensar Seker, CISO at threat intelligence company SOCRadar:

“When CISA orders agencies to patch within three days, that signals confirmed active exploitation and real operational risk. This is not theoretical exposure. A hardcoded credential vulnerability like CVE-2026-22769 effectively removes authentication as a barrier. If exploited, it can lead to root-level persistence, which is extremely difficult to detect and eradicate.

“The three-day mandate reflects two things: first, the vulnerability likely provides reliable post-exploitation value; second, federal systems running backup and recovery platforms are high-value targets. Backup infrastructure is especially sensitive because compromising it weakens an organization’s last line of defense against ransomware and destructive attacks. What makes this particularly concerning is that exploitation reportedly began in mid-2024. That means adversaries may have had months of dwell time in some environments. Even after patching, agencies must assume possible compromise and validate integrity, credentials, and persistence mechanisms.

“The real takeaway for enterprises is this: if federal agencies get three days, the private sector should not assume they have three weeks. When a vulnerability combines maximum severity, hardcoded credentials, and active exploitation, patching becomes a board-level risk discussion, not just an IT task.”

On top of that, the CISA published an advisory warning that a critical security vulnerability (CVE-2026-1670) has been identified in four Honeywell CCTV camera models that could allow attackers to bypass authentication and take control of device accounts.

The flaw is classified as “missing authentication for critical function” and has been given a CVSS severity score of 9.8.

According to the advisory, the vulnerability stems from an unauthenticated API endpoint that lets attackers remotely change the “forgot password” recovery email address associated with a camera account. By modifying this recovery email without needing credentials, an attacker could potentially take over the account and gain unauthorized access to live camera feeds or administrative functions.

Honeywell is a widely deployed global supplier of security and video surveillance equipment, including many NDAA-compliant cameras used in government, industrial, and commercial critical infrastructure environments. 

Nick Mo, CEO & Co-founder, Ridge Security Technology Inc. provided this comment:

   “IoT assets like cameras and smart printers remain massive security blind spots. While organizations obsess over protecting “crown jewel” databases, attackers exploit these overlooked devices as easy entry points.

   “The Honeywell zero-day (CVE-2026-1670) shows how a single vulnerability in a CCTV system can compromise critical infrastructure. Whether it’s a sophisticated exploit or a basic failure—like the 2025 Louvre heist where the password was just “Louvre”—the risk is the same: neglected hardware creates an open door.

   “Security testing must include every connected device. Find the holes before the hacker does.”

Michael Bell, Founder & CEO, Suzu Labs had this comment:

   “The device you installed to protect the building just became the way into the network. CVE-2026-1670 lets an unauthenticated attacker change the password recovery email on affected Honeywell cameras and take over the account, no credentials needed. These are NDAA-compliant models that go into government facilities and critical infrastructure, and the vulnerability is an open API endpoint on a password reset function.

   “A physical security contractor puts the cameras up, plugs them into whatever network is available, and IT may never know they’re there. Nobody patches a device nobody knows they own, and nobody segments a device that isn’t in the asset inventory. CISA hasn’t seen active exploitation yet, so there’s still a window to get ahead of this one.”

John Carberry, Solution Sleuth, Xcape, Inc. adds this comment:

   “The discovery of CVE-2026-1670 in Honeywell CCTV cameras serves as a stark reminder that the surveillance systems safeguarding our critical infrastructure are frequently exposed to the public Internet. By leaving a “forgot password” API endpoint unauthenticated, Honeywell inadvertently enabled remote hijacking of device accounts. Attackers could simply redirect recovery emails to themselves, gaining unauthorized access.

   “This vulnerability, boasting a near-perfect CVSS score of 9.8, grants attackers a straightforward route from digital compromise to physical surveillance. This affects NDAA-compliant systems in government and industrial sectors. For Security Operations Center (SOC) teams, the presence of these devices on public-facing networks without VPNs or stringent access controls now constitutes an immediate liability.

   “This issue highlights a fundamental lapse in secure-by-design principles for hardware entrusted with protecting our most sensitive assets. As we increasingly adopt “smart” security solutions for our perimeters, it’s crucial to understand that an unpatched camera is not only a guardian, but it can also become an open portal for pivoting to other sensitive systems.

   “Organizations utilizing affected models must prioritize firmware updates, limit external access through network segmentation, and diligently monitor for any unauthorized configuration changes.

   “When your security cameras can be commandeered remotely, the watcher becomes the watched.”

The CISA does a lot of good work to keep people safe from a cybersecurity standpoint. Thus I would heed their warnings and take action ASAP when they appear.