Tag: zero-day
-
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that…
-
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything together.…
-
CISA Alerts on RESURGE Malware Exploiting Ivanti Connect Secure Zero-Days
The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a new malware family dubbed RESURGE, which is actively exploiting a zero-day vulnerability in Ivanti Connect Secure devices. According to CISA, RESURGE builds upon the functionality of the earlier SPAWNCHIMERA malware strain, introducing new commands designed to enhance persistence and…
-
Week in review: Self-spreading npm malware hits developers, Cisco SD-WAN 0-day exploited since 2023
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Identity verification systems are struggling with synthetic fraud Fake and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/01/week-in-review-self-spreading-npm-malware-hits-developers-cisco-sd-wan-0-day-exploited-since-2023/
-
Zero-Days, Data Breaches, and AI Risks Define This Week’s Cybersecurity Landscape
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/zero-days-data-breaches-and-ai-risks-define-this-weeks-cybersecurity-landscape/
-
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-that-resurge-malware-can-be-dormant-on-ivanti-devices/
-
Attackers Have Been Exploiting Cisco SD-WAN Zero-Day Flaw Since 2023
Cisco and Five Eyes agencies are alerting organizations to a highly sophisticated attack, where threat actors compromise a Cisco SD-WAN controller via a zero-day flaw, downgrade the device to an earlier software version that is vulnerable to an older bug, before gaining root access and restoring the device to its original version. First seen on…
-
Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access
A critical Cisco SD-WAN zero-day has been exploited since 2023 to bypass authentication and gain persistent root access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-sd-wan-zero-day-actively-exploited-to-gain-root-access/
-
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-sd-wan-zero-day-exploitation-3-years
-
Preventing Breaches: MFA on Remote Access to Linux, Unix, and Infrastructure Systems
Most breaches don’t start with malware or zero-day exploits. They start with a login. An attacker gets hold of a password, maybe through phishing, reuse, or a leaked credential dump. They test it against a remote system. An SSH prompt appears. The credentials work. From there, everything unfolds quietly: privilege escalation, lateral movement, persistence. By the time anyone notices, the damage is already done. …
-
How to Bring Zero Trust to the Data Stream Blog – Menlo Security
Zero Trust isn’t complete until it reaches the file. Learn why CISOs are adopting CDR to eliminate zero-day risks and secure content across every channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-bring-zero-trust-to-the-data-stream-blog-menlo-security/
-
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…
-
Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/immediate-patch-cisco-catalyst/
-
Zero-Day Vulnerability: Hackers Have Been Infiltrating Networks for Years via Cisco Flaw
A hacker group has been breaking into network infrastructures through a security vulnerability in Cisco systems since 2023. A patch is only now available. First seen on golem.de Jump to article: www.golem.de/news/seit-2023-hacker-kapern-cisco-systeme-ueber-kritische-zero-day-luecke-2602-205855.html
-
Since 2023: Hackers Hijack Cisco Systems via Critical Zero-Day Vulnerability
A hacker group has been infiltrating entire network infrastructures for years through a security vulnerability in Cisco systems. A patch is only now available. First seen on golem.de Jump to article: www.golem.de/news/seit-2023-hacker-kapern-cisco-systeme-ueber-kritische-zero-day-luecke-2602-205855.html
-
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain First…
-
VirtualBox – 7 Zero-Day Vulnerabilities in Oracle’s Open-Source Solution
First seen on security-insider.de Jump to article: www.security-insider.de/oracle-virtualbox-zero-day-sicherheitsluecken-a-eb3c07e756b4939344dad321a4eec6a5/
-
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Tags: access, authentication, cisco, cvss, cyber, cyberattack, exploit, flaw, network, threat, update, vulnerability, zero-day
Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges. Vulnerability Overview Vulnerability Details Information Vulnerability Cisco Catalyst SD-WAN Controller Authentication Bypass Severity Critical CVSS…
-
Governments issue warning over Cisco zero-day attacks dating back to 2023
The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-zero-days-cisa-emergency-directive-five-eyes/
-
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Tags: access, advisory, attack, authentication, cisa, cisco, cve, cyber, cybersecurity, exploit, flaw, government, infrastructure, intelligence, mitigation, network, risk, software, threat, update, vulnerability, zero-day
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available. Exploitation in the…
-
Treasury Sanctions Russian Exploit Brokerage
The U.S. sanctioned Russia-linked Operation Zero for trafficking stolen zero-day exploits tied to national security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/treasury-sanctions-russian-exploit-brokerage/
-
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-sd-wan-bug-exploited-in-zero-day-attacks-since-2023/
-
Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)
A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cisco-sd-wan-zero-day-cve-2026-20127/
-
US sanctions Russian broker for buying stolen zero-day exploits
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-russian-exploit-broker-for-buying-stolen-zero-days/
-
Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/defense-contractor-boss-7-years/
-
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty…
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ex-l3harris-exec-jailed-for-selling-zero-days-to-russian-exploit-broker/