> TritonInfoSec News
Home / Jun 25, 2026 / Story
0
#1 BleepingComputer general June 24, 2026 at 21:29 UTC

Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

By Lawrence Abrams

AI Summary

Mandiant revealed exploitation details for CVE-2026-20245, a zero-day vulnerability in Cisco Catalyst SD-WAN that attackers used to create rogue root accounts on targeted devices at a communications service provider — two months before the flaw was publicly disclosed. The attack leveraged rogue peering to connect to victim SD-WAN devices and escalate to admin and root-level privileges, representing a high-impact supply chain risk for telecom operators running Cisco SD-WAN infrastructure.

Read full article → https://www.bleepingcomputer.com/news/security/man…

Relevance score: 88.0/100

# More from June 25

  1. 2
    Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered The Hacker News
  2. 3
    Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root The Hacker News
  3. 4
    macOS Weaknesses Chained to Silently Disable Endpoint Security Agents SecurityWeek
  4. 5
    New ‘Mistic’ RAT Opens Door to Several Ransomware Families SecurityWeek
  5. 6
    Russian Initial Access Broker Behind FortiBleed Campaign SecurityWeek
  6. 7
    Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration SecurityWeek
  7. 8
    Scattered Spider members plead guilty to hacking Transport for London BleepingComputer
  8. 9
    Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks The Hacker News
  9. 10
    DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering The Hacker News