
Cisco Catalyst SD-WAN Controller Flaw Under Attack

A sophisticated threat actor tracked as UAT-8616 has been attributed to the exploitation of CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller. "UAT-8616 performed similar post-compromise actions after successfully exploiting CVE-2026-20182, as was observed in the exploitation of CVE-2026-20127 by the same threat actor," Cisco Talos said. "UAT-8616 attempted to add SSH keys, modify NETCONF configurations, and escalate to root privileges."
A sequence of attacks shows how trust failures in mail servers, network control systems, and software dependencies can lead to credential theft and ransomware claims. A spoofed model page can deliver a stealer, followed by a familiar ransom message claiming data return and deletion. The risk chain is described as weak dependencies leaking keys, leaked keys enabling cloud access, and cloud footholds turning into production incidents. AI is said to accelerate vulnerability discovery and attacker speed, while older exposures remain profitable. The guidance is to patch quiet risks first. Reported incidents include an on-prem Microsoft Exchange Server spoofing flaw under active exploitation and a Cisco Catalyst SD-WAN Controller authentication bypass being targeted, with observed post-compromise actions like adding SSH keys and escalating privileges.
#vulnerability-exploitation #supply-chain-trusted-dependencies #cloud-access-risk #ransomware #exchange-and-network-security
Read at The Hacker News