Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
In early 2026, Mandiant uncovered a zero‑day privilege‑escalation flaw (CVE‑2026‑20245) in Cisco Catalyst SD‑WAN Manager. The vulnerability allowed a threat actor to upload a crafted CSV file, create a root‑level “troot” account, and fully compromise the controller after first gaining SSH access via rogue peering and credential manipulation. The attackers employed anti‑forensic techniques, deleting malicious files and restoring original configurations to hide their presence. Cisco has issued patches for multiple software releases, urging immediate upgrades.
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
Mandiant disclosed a critical ViewState deserialization flaw (CVE‑2026‑5426) in Digital Knowledge’s KnowledgeDeliver LMS, caused by identical ASP.NET machine keys across deployments. The shared keys let an unauthenticated attacker craft malicious ViewState payloads, achieve remote code execution, and install the in‑memory...
Welcome to BlackFile: Inside a Vishing Extortion Operation
Google Threat Intelligence Group reports UNC6671, operating under the BlackFile brand, running a vishing‑based extortion campaign that targets Microsoft 365 and Okta environments. The group uses real‑time adversary‑in‑the‑middle attacks to capture MFA credentials, then registers attacker‑controlled devices for persistence. Automated...
Defending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than Ever
General‑purpose AI models are now capable of discovering and even generating functional exploits, compressing the traditional vulnerability‑to‑exploit timeline. Threat actors are already leveraging large language models to automate zero‑day creation, threatening enterprises that rely on human‑speed patching. In response, security...