Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks.
Cybersecurity agencies from the Five Eyes intelligence alliance urgently warned Wednesday that “an advanced threat actor” is actively exploiting new flaws in Cisco networking equipment, pressing organizations to look for signs their systems may already have been compromised.
The vulnerabilities cited in the alerts include CVE-2026-20127 and CVE-2022-20775, which have been linked to real-world exploitation. CISA said it has assessed that the conditions pose “an unacceptable risk to federal agencies and necessitate emergency action.”
Source: https://therecord.media/five-eyes-warn-hackers-exploit-cisco-sd-wan
Related breach coverage
- BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions (2025-12-05)
CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed technical details on BRICKSTORM, a backdoor used by China state-sponsored threat actors to gain and maintain long-term persistence on compromised systems, highlighting ongoing PRC cyber-espionage activity. “The Cybersecurity […]
- U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs (2026-04-08)
U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity […]
- Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws (2026-03-06)
Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise. […]
- CISA pushes Federal agencies to retire end-of-support edge devices (2026-02-07)
CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]
