top of page
ALL POSTS
Cisco SD-WAN Vulnerability Now Exploited in the Wild: Patch CVE-2026-20262 Immediately
Key Findings CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and is actively exploited in the wild The vulnerability allows authenticated attackers to write or overwrite arbitrary files on the system Planted files can be leveraged to escalate privileges to root level All deployment types are vulnerable: On-Prem, Cloud-Pro, Cisco-managed cloud, and FedRAMP installations Cisco has released patched builds across all affected versions Attackers are already deploying suspicio
Jun 162 min read
CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
Key Findings CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score Arista EOS
Jun 102 min read
Cisco Unified CM Critical Vulnerability: Public Exploit Code Now Available
Key Findings CVE-2026-20230 affects Cisco Unified CM with a CVSS score of 8.6, elevated to Critical severity by vendor Unauthenticated remote attackers can exploit an SSRF flaw to write unauthorized files and potentially gain root access Public proof-of-concept exploit code is already available Vulnerability requires WebDialer service to be enabled, which is disabled by default Fixed releases available: version 14SU6 for Release 14 and 15SU5 for Release 15 No complete workaro
Jun 42 min read
Cisco Catalyst SD-WAN Controller Critical Authentication Bypass Under Active Exploitation for Admin Access
Key Findings Critical authentication bypass vulnerability CVE-2026-20182 (CVSS 10.0) in Cisco Catalyst SD-WAN Controller actively exploited in limited attacks since May 2026 Vulnerability allows unauthenticated remote attackers to gain administrative privileges and manipulate SD-WAN fabric network configurations CISA added the flaw to Known Exploited Vulnerabilities catalog with a May 17, 2026 deadline for federal agencies to remediate The vulnerability affects the vdaemon se
May 143 min read
FIRESTARTER Backdoor Persists on Federal Cisco Security Devices Despite Patches
Key Findings FIRESTARTER backdoor compromised a U.S. federal Cisco Firepower ASA device in September 2025 and persisted even after security patches were applied The malware survives firmware updates and device reboots by embedding itself in the boot sequence, requiring a hard power cycle to remove APT actors exploited CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5) to gain initial access before deploying FIRESTARTER for persistence Post-exploitation toolkit LINE VIPER
Apr 243 min read
Cisco Patches Critical Vulnerabilities in Identity Services Engine and Webex Platforms
Key Findings Cisco patched four critical vulnerabilities in Identity Services Engine and Webex with CVSS scores ranging from 9.8 to 9.9 CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user through improper certificate validation CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186 enable authenticated attackers with admin credentials to execute arbitrary code and OS commands No evidence of active exploitation in the wild, but immediate patching is stron
Apr 162 min read
ShinyHunters Claims Theft of 3M+ Cisco Records in Latest Breach Threat
Key Findings ShinyHunters has issued a final warning to Cisco with an April 3, 2026 deadline before publicly leaking over 3 million alleged stolen records The group claims access through three separate breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts Stolen data includes personally identifiable information, GitHub repositories, AWS storage buckets, and internal corporate data Screenshots provided by the group show access to AWS organizational dashboards an
Apr 22 min read
Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure
Key Findings * Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure * Zero-day vulnerability allows unauthenticated remote code execution with root privileges * Amazon Threat Intelligence discovered exploitation using global honeypot network * Attackers used sophisticated multi-stage attack with custom tools and evasion techniques * Targeted sectors include education, healthcare, industry, and government Background The Interlock ra
Mar 192 min read
Cisco SD-WAN Zero-Day Exploited Since 2023 for Admin Access
Key Findings: A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023 to gain remote, unauthenticated administrative access. The vulnerability allows an attacker to bypass authentication and gain full administrative access to affected Cisco Catalyst SD-WAN Controller and Manager systems. Exploited environments include on-premises, Cisco Hosted SD-WAN Cloud, and FedRAMP Cisco Hosted SD-WAN Cloud deployments.
Feb 262 min read
Cisco Patches Critical Vulnerabilities in Meeting Software
Key Findings Cisco has released urgent updates to address critical vulnerabilities in Cisco Meeting Management and Cisco TelePresence Collaboration Endpoint (CE) Software The vulnerabilities could allow attackers to seize control of meeting management systems or crash communication endpoints The most severe flaw, CVE-2026-20098, carries a high CVSS score of 8.8 and allows remote attackers to execute arbitrary commands with root privileges Background Cisco Meeting Management i
Feb 51 min read
Cisco Fixes Actively Exploited Zero-Day in Unified Communications
Key Findings Cisco patched a critical zero-day remote code execution (RCE) flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), that is actively being exploited in attacks. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The bug affects Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. Cisco is aware of attempted exploitat
Jan 221 min read
Cisco Patches ISE Security Vulnerability After Exploit Release
Key Findings: Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. The vulnerability is due to improper parsing of XML that is processed by the web-based management
Jan 82 min read
Amazon Ties Cisco, Citrix Zero-Day Exploits to APT Group
Key Findings Amazon's threat intelligence team observed an advanced persistent threat group exploiting zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products before the vendors disclosed and patched the issues. The attacks leveraged the following vulnerabilities: CVE-2025-5777 (CVSS score: 9.3) - An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited to bypass authentication. (Fixed
Nov 12, 20252 min read
bottom of page
