Cyber Security

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said that once the vulnerability was exploited, “the malicious actors add[ed] a rogue peer, and eventually gain[ed] root access to establish long-term persistence in SD-WANs.” “This vulnerability exists because the peering authentication mechanism in an affected … More

The post Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) appeared first on Help Net Security.

Read More

Related Posts

Why 'Call This Number' TOAD Emails Beat Gateways

Why 'Call This Number' TOAD Emails Beat Gateways

Manual Processes Are Putting National Security at Risk

Manual Processes Are Putting National Security at Risk

Reddit fined $19.5 million for failing to protect children’s personal data

Reddit fined $19.5 million for failing to protect child...

SentinelOne addresses identity risk across endpoints, browsers, and AI workflows

SentinelOne addresses identity risk across endpoints, b...

Anthropic brings Claude Code to mobile devices

Anthropic brings Claude Code to mobile devices

SolarWinds Serv-U hit by four critical RCE-level vulnerabilities

SolarWinds Serv-U hit by four critical RCE-level vulner...