CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.
The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek.
Cisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.
The post Hackers Exploiting Cisco Unified CM Vulnerability appeared first on SecurityWeek.
WideField will accelerate Agentic SOC capabilities by expanding the lens on threat investigation to include identity, credentials, sessions, and blast radius.
The post Cisco to Acquire WideField Security to Boost Splunkβs Agentic SOC appeared first on SecurityWeek.
Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root.
The post Critical Command Execution Vulnerability Patched in Cisco ISE appeared first on SecurityWeek.
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.
The post Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks appeared first on SecurityWeek.
The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet.
The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on SecurityWeek.
The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks.
The post Cisco Warns of Available PoC for Critical Unified CM Vulnerability appeared first on SecurityWeek.
Insufficient validation and authentication in the Secure Workloadβs REST APIs provide remote attackers with Site Admin privileges.
The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616.
The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
The acquisition strengthens Ciscoβs push into identity-centric security for AI and machine access.
The post Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks appeared first on SecurityWeek.
The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response.
The post Cisco Releases Open Source Tool for AI Model ProvenanceΒ appeared first on SecurityWeek.
The malware provides remote access and control of infected devices and maintains post-patching persistence.
The post US Federal Agencyβs Cisco Firewall Infected With βFirestarterβ Backdoor appeared first on SecurityWeek.
CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before.
The post Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities appeared first on SecurityWeek.
The flaws can be exploited remotely to impersonate users or execute arbitrary commands on the underlying OS.
The post Cisco Patches Critical Vulnerabilities in Webex, ISE appeared first on SecurityWeek.
Login