{"id":246961,"date":"2026-05-15T10:12:00","date_gmt":"2026-05-15T14:12:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/15\/cisco-zero-day-under-ongoing-attack-by-persistent-threat-group\/"},"modified":"2026-05-15T10:12:00","modified_gmt":"2026-05-15T14:12:00","slug":"cisco-zero-day-under-ongoing-attack-by-persistent-threat-group","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/15\/cisco-zero-day-under-ongoing-attack-by-persistent-threat-group\/","title":{"rendered":"Cisco zero-day under ongoing attack by persistent threat group"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/cisco-sd-wan-zero-day-exploited\/\">Cisco zero-day under ongoing attack by persistent threat group<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/cisco-sd-wan-zero-day-exploited\/\">https:\/\/cyberscoop.com\/cisco-sd-wan-zero-day-exploited\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-15 10:12:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Attackers returned once again to a common target with a massive user base by exploiting a max-severity zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager.<\/p>\n<p>The threat group behind the \u201climited\u201d number of attacks Cisco is aware of thus far are also linked to a series of previously disclosed vulnerabilities in the vendor\u2019s firewalls and SD-WAN systems, the company said in a threat advisory Thursday.<\/p>\n<p>The authentication bypass vulnerability \u2014 CVE-2026-20182 \u2014 has a CVSS rating of 10 and \u201cbehaves like a master key,\u201d Douglas McKee, director of vulnerability intelligence at Rapid7, wrote in a blog post.\u00a0<\/p>\n<p>\u201cAn attacker can present themselves to the controller as a trusted network router and, if the system accepts that claim without properly validating it, they can obtain the highest level of administrative access,\u201d he added. \u201cThat is the cybersecurity version of a Jedi mind trick.\u201d<\/p>\n<p>Rapid7 discovered and reported the vulnerability to Cisco on March 9, and Cisco said it became aware of limited exploitation of the vulnerability earlier this month. The vendor disclosed and released a patch for the vulnerability Thursday, and the Cybersecurity and Infrastructure Security Agency quickly added the defect to its known exploited vulnerabilities catalog.<\/p>\n<p>Cisco did not explain what occurred during that two-month window. Yet, the disclosure and warning from researchers marks another challenge for Cisco customers that have confronted a flood of actively exploited vulnerabilities affecting the vendor\u2019s network edge software since late February.\u00a0<\/p>\n<p>Cisco isn\u2019t the only security vendor facing an onslaught of attacks on its customers, but it is among the most heavily targeted. CISA has added seven vulnerabilities affecting Cisco SD-WANs and firewalls to its known exploited vulnerabilities catalog in less than three months.<\/p>\n<p>Cisco Talos researchers attributed the latest round of zero-day attacks to UAT-8616,&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/cisco-sd-wan-zero-day-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco zero-day under ongoing attack by persistent threat group https:\/\/cyberscoop.com\/cisco-sd-wan-zero-day-exploited\/ Publish Date: 2026-05-15 10:12:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-246961","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/246961"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=246961"}],"version-history":[{"count":0,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/246961\/revisions"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=246961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=246961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=246961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}