Tag: cisco
-
Cisco Firewall Management Flaw Enables Remote Code Execution
Cisco disclosed a critical firewall management flaw that allows unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-firewall-management-flaw-enables-remote-code-execution/
-
Cisco reveals 2 max-severity defects in firewall management software
The vendor said it’s not aware of any active exploitation of the vulnerabilities, which could allow remote attackers to achieve root access and execute code. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-critical-vulnerabilities-secure-firewall-management-center-software/
-
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild.The vulnerabilities in question are listed below -CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. First…
-
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild.The vulnerabilities in question are listed below -CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. First…
-
Cisco warns of SD-WAN Manager exploitation, fixes 48 firewall vulnerabilities
Cisco has confirmed that two Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20128 and CVE-2026-20122) patched in late February 2025 are being exploited by attackers. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/05/cisco-cve-2026-20128-cve-2026-20122-exploited/
-
PoC Exploit for Cisco SD-WAN 0-Day Vulnerability Now Released, Actively Exploited in the Wild
A critical zero-day vulnerability in Cisco Catalyst SD-WAN infrastructure, tracked as CVE-2026-20127, is currently under active exploitation by highly sophisticated threat actors. The situation has grown considerably more severe following the public release of a working Proof-of-Concept (PoC) exploit, which significantly lowers the barrier to entry for cybercriminals. Critical infrastructure sectors must act immediately to…
-
UAT-9244 targets South American telecommunication providers with three new malware implants
Cisco Talos is disclosing UAT-9244, who we assess with high confidence is a China-nexus advanced persistent threat (APT) actor closely associated with Famous Sparrow. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-9244/
-
Cisco flags more SD-WAN flaws as actively exploited in attacks
Cisco has flagged two more Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-flags-more-sd-wan-flaws-as-actively-exploited-in-attacks/
-
Cisco Issues Patches for 48 Vulnerabilities in Enterprise Networking Products
Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisco-issues-patches-48/
-
Cisco Secure Firewall Management Flaw Allows Remote Code Execution
Cisco recently disclosed a critical security vulnerability affecting its Secure Firewall Management Centre (FMC) software. This severe flaw carries a maximum severity score of 10.0 and allows unauthenticated, remote attackers to execute arbitrary code with root privileges. CVE ID CVSS Score Vulnerability Type CWE CVE-2026-20131 10.0 (Critical) Remote Code Execution CWE-502 The root cause of…
-
Cisco Secure Firewall Vulnerability Exposes Networks to Authentication Bypass Attacks
Cisco recently disclosed a critical vulnerability in its Secure Firewall Management Centre (FMC) Software that allows unauthenticated remote attackers to gain complete root access to affected devices. Holding a maximum severity CVSS score of 10.0, this flaw demands immediate attention from network administrators. Discovered during internal security testing by Cisco researcher Brandon Sakai, the vulnerability…
-
Cisco Catalyst SD-WAN Flaws Expose Devices to Root Access, Threatening Network Security
Cisco has issued critical software updates to address multiple vulnerabilities in the Catalyst SD-WAN Manager (formerly SD-WAN vManage) that could allow attackers to bypass authentication, elevate privileges to root, and execute arbitrary commands. The advisory (cisco-sa-sdwan-authbp-qwCX8D4v), originally published on February 25, 2026, was urgently updated on March 5, 2026, after Cisco confirmed active in-the-wild exploitation…
-
Cisco Catalyst SD-WAN Flaws Expose Devices to Root Access, Threatening Network Security
Cisco has issued critical software updates to address multiple vulnerabilities in the Catalyst SD-WAN Manager (formerly SD-WAN vManage) that could allow attackers to bypass authentication, elevate privileges to root, and execute arbitrary commands. The advisory (cisco-sa-sdwan-authbp-qwCX8D4v), originally published on February 25, 2026, was urgently updated on March 5, 2026, after Cisco confirmed active in-the-wild exploitation…
-
Cisco fixes maximum-severity Secure FMC bugs threatening firewall security
Cisco patched two critical Secure FMC vulnerabilities that could let attackers gain root access to managed firewalls. Cisco addressed two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) that could allow attackers to gain root access. Cisco Secure Firewall Management Center (FMC) is a centralized management platform for Cisco firewalls. It lets administrators configure,…
-
Cisco warns of max severity Secure FMC flaws giving root access
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
-
Cybersecurity is now the price of admission for industrial AI
Industrial organizations are accelerating AI deployment across manufacturing, utilities, and transportation and running straight into a security problem. Cisco’s 2026 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/cisco-industrial-ai-cybersecurity/
-
Talos on the developing situation in the Middle East
Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-developing-situation-in-the-middle-east/
-
Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Identity verification systems are struggling with synthetic fraud Fake and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/01/week-in-review-self-spreading-npm-malware-hits-developers-cisco-sd-wan-0-day-exploited-since-2023/
-
5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign
Hackers exploited a critical Cisco SD-WAN flaw, prompting a rare joint warning from the US, UK, Australia, Canada, and New Zealand. The post 5 Nations Alert: Critical Cisco Bug Used in Global Espionage Campaign appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-sdwan-flaw-five-eyes-joint-warning/
-
Dohdoor Malware Targets U.S. Schools and Healthcare with Multi-Stage Attack
A new backdoor dubbed Dohdoor is actively targeting schools and health care organizations in the United States through a stealthy multi-stage attack chain. UAT-10027 focuses on education and health care entities in the U.S., sectors that handle highly sensitive personal and medical data but often have limited security budgets and legacy systems. Cisco Talos assesses with low…
-
Attackers Have Been Exploiting Cisco SD-WAN Zero-Day Flaw Since 2023
Cisco and Five Eyes agencies are alerting organizations to a highly sophisticated attack, where threat actors compromise a Cisco SD-WAN controller via a zero-day flaw, downgrade the device to an earlier software version that is vulnerable to an older bug, before gaining root access and restoring the device to its original version. First seen on…
-
Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access
A critical Cisco SD-WAN zero-day has been exploited since 2023 to bypass authentication and gain persistent root access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-sd-wan-zero-day-actively-exploited-to-gain-root-access/
-
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-sd-wan-zero-day-exploitation-3-years
-
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor
UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. education and healthcare organizations since at least December 2025 to deploy a previously unseen backdoor named Dohdoor. Initial access likely occurs through phishing, triggering a PowerShell script…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.”Dohdoor utilizes the DNS-over-HTTPS…
-
Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023
The U.S. government and its allies said hackers have been exploiting the newly identified bug in Cisco networking gear around the world for years, and urged organizations to patch. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/26/cisco-says-hackers-have-been-exploiting-a-critical-bug-to-break-into-big-customer-networks-since-2023/