Tag: cisco
-
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. “Dohdoor utilizes the DNS-over-HTTPS…
-
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…
-
New Dohdoor malware campaign targets education and health care
Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-dohdoor-malware-campaign/
-
Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/immediate-patch-cisco-catalyst/
-
Security Vulnerability: Hackers Have Been Infiltrating Networks via Cisco Systems for Years
A hacker group has been penetrating network infrastructures since 2023 via a security vulnerability in Cisco systems. A patch has only now become available. First seen on golem.de Jump to article: www.golem.de/news/seit-2023-hacker-kapern-cisco-systeme-ueber-kritische-zero-day-luecke-2602-205855.html
-
Zero-Day Flaw: Hackers Have Been Infiltrating Networks for Years via Cisco Flaw
A hacker group has been penetrating network infrastructures since 2023 via a security vulnerability in Cisco systems. A patch has only now become available. First seen on golem.de Jump to article: www.golem.de/news/seit-2023-hacker-kapern-cisco-systeme-ueber-kritische-zero-day-luecke-2602-205855.html
-
Since 2023: Hackers Hijack Cisco Systems via Critical Zero-Day Flaw
A hacker group has for years been infiltrating entire network infrastructures via a security vulnerability in Cisco systems. A patch has only now become available. First seen on golem.de Jump to article: www.golem.de/news/seit-2023-hacker-kapern-cisco-systeme-ueber-kritische-zero-day-luecke-2602-205855.html
-
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain First…
-
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Tags: access, authentication, cisco, cvss, cyber, cyberattack, exploit, flaw, network, threat, update, vulnerability, zero-day
Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges. Vulnerability Overview. Vulnerability: Cisco Catalyst SD-WAN Controller Authentication Bypass. Severity: Critical. CVSS…
-
Governments issue warning over Cisco zero-day attacks dating back to 2023
The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-zero-days-cisa-emergency-directive-five-eyes/
-
Feds Scramble Amid Shutdown to Secure Cisco SD-WAN Systems
Emergency CISA Directive Lands as DHS Shutdown Strains Cyber Operations. The Cybersecurity and Infrastructure Security Agency issued a directive Wednesday ordering civilian agencies to secure and hunt for compromise in vulnerable Cisco SD-WAN systems after officials observed active exploitation – while warning that shutdown-related disruptions heighten operational risk. First seen on govinfosecurity.com Jump to article:…
-
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Tags: access, advisory, attack, authentication, cisa, cisco, cve, cyber, cybersecurity, exploit, flaw, government, infrastructure, intelligence, mitigation, network, risk, software, threat, update, vulnerability, zero-day
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available. Exploitation in the…
-
CISA orders agencies to patch Cisco devices now under attack
The vulnerabilities, scored as critical, affect the company’s software-defined wide-area networking (SD-WAN) systems. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-emergency-directive-cisco-sd-wan-devices/813110/
-
Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks. First seen on therecord.media Jump to article: therecord.media/five-eyes-warn-hackers-exploit-cisco-sd-wan
-
Cisco Catalyst SD-WAN users targeted in series of cyber attacks
The NCSC, Cisa, and other Five Eyes agencies have warned of mass exploitation of vulnerabilities in Cisco Catalyst SD-WAN, which Cisco is attributing to an unknown threat actor called UAT-8616. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639459/Cisco-Catalyst-SD-WAN-users-targeted-in-series-of-cyber-attacks
-
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-sd-wan-bug-exploited-in-zero-day-attacks-since-2023/
-
Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)
A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cisco-sd-wan-zero-day-cve-2026-20127/
-
Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8616-sd-wan/
-
Open-Weight AI Models Fail the Jailbreak Test
Cisco: One Prompt May Not Break Most AI Models, But a Conversation Will. Cisco tested eight major open-weight artificial intelligence models and found multi-turn jailbreak attacks succeeded nearly 93% of the time, exposing a blind spot in how enterprises assess and deploy large language models safety. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/open-weight-ai-models-fail-jailbreak-test-a-30823
-
Data Protection, Governance, Data Access Study: AI Drives Data Protection Investments
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-studie-ki-treibt-datenschutz-investitionen-a-2c2e1938cb9665b8b8bbb5ee69487630/
-
AI’s ‘connective tissue’ is woefully insecure, Cisco warns
In a new report, the company also said businesses should beware of the “SolarWinds of AI.” First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-agents-model-context-protocol-cisco-report/812580/
-
The AI world’s ‘connective tissue’ is woefully insecure, Cisco warns
In a new report, the company also said businesses should beware of the “SolarWinds of AI.” First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-agents-model-context-protocol-cisco-report/812580/
-
Researchers Uncover DoS Vulnerabilities in Socomec DIRIS M-70 IIoT Power Meter via Thread Emulation Fuzzing
Selective thread emulation and coverage-guided fuzzing have exposed six denial-of-service (DoS) vulnerabilities in the Socomec DIRIS M-70 IIoT power-monitoring gateway, all of which are now patched under Cisco’s Coordinated Disclosure Policy. The Socomec DIRIS M-70 gateway is a central communications node for energy monitoring, supporting RS485 and Ethernet plus protocols such as Modbus RTU, Modbus…
-
A new approach for GenAI risk protection
Solution 1: GenAI enterprise model: Implement enterprise licenses for approved GenAI solutions (such as ChatGPT Enterprise or Microsoft CoPilot 365, which is integrated into existing O365 tenants). Enterprise GenAI solutions typically include a robust set of built-in security tools that allow organizations to secure their data and implement DLP controls within the enterprise GenAI solution…

