Cisco SD-WAN Zero-Day Exploited Since 2023, Five Eyes Alert

◆ DEEP DIVES

1. 01

   Emergency: Cisco SD-WAN Zero-Day and the Network Edge Under Siege

   <h3>Three Years of Silent Exploitation</h3><p><strong>CVE-2026-20127</strong>, a CVSS 10/10 zero-day in Cisco Catalyst SD-WAN, has been actively exploited since 2023 by threat group <strong>UAT-8616</strong>. The vulnerability sits in the peering authentication system and grants <strong>full administrative privileges</strong> to unauthenticated attackers. It was discovered not by Cisco or any customer, but by the <strong>Australian Signals Directorate</strong> — a signals intelligence agency — which strongly indicates detection coverage for this exploitation was effectively zero across the industry for three years.</p><p>The severity prompted all <strong>Five Eyes cybersecurity agencies</strong> to issue a joint emergency directive, a coordination level reserved for nation-state exploitation of critical infrastructure. UAT-8616 chained this zero-day with an older 2022 bug in the same product line, meaning even organizations that patched the 2022 issue may have been compromised through the newer vulnerability.</p><blockquote>SD-WAN controllers manage traffic routing across sites — compromise gives an attacker visibility into and control over all traffic traversing your WAN fabric.</blockquote><hr><h3>Concurrent Critical Infrastructure Vulnerabilities</h3><p>This isn't an isolated event. <strong>Five critical network infrastructure vulnerabilities</strong> dropped in the same cycle:</p><table><thead><tr><th>Vulnerability</th><th>CVSS</th><th>Exploitation Status</th><th>Patch Available</th><th>Priority</th></tr></thead><tbody><tr><td>CVE-2026-20127 (Cisco Catalyst SD-WAN)</td><td>10.0</td><td>Active since 2023 (UAT-8616)</td><td>Yes</td><td>P0 — Immediate</td></tr><tr><td>Juniper Networks Routers</td><td>Critical</td><td>Not confirmed</td><td>Yes</td><td>P0 — Immediate</td></tr><tr><td>Trend Micro Apex One</td><td>Critical</td><td>Not confirmed</td><td>Yes</td><td>P0 — Immediate</td></tr><tr><td>CVE-2025-64328 (FreePBX)</td><td>TBD</td><td>900+ servers compromised</td><td>Yes (Nov 2025)</td><td>P1 — Within 24hrs</td></tr><tr><td>CVE-2025-13942 (Zyxel routers)</td><td>TBD</td><td>Unauth command injection</td><td>Yes</td><td>P1 — Within 48hrs</td></tr></tbody></table><p>Network edge devices accounted for <strong>one-third of all exploited products in 2025</strong>, while only 1% of disclosed CVEs were exploited in the wild. The Trend Micro Apex One vulnerability deserves special attention: a compromised endpoint security agent gives attackers <strong>kernel-level persistence and the ability to blind your detection</strong>.</p><p>The <strong>900+ FreePBX servers</strong> infected with EncystPHP webshell via CVE-2025-64328 — nearly half in the US — demonstrate that telephony infrastructure remains a patching blind spot despite patches being available since November 2025.</p>

   Action items

   • Patch all Cisco Catalyst SD-WAN devices for CVE-2026-20127 and conduct forensic review for UAT-8616 indicators dating back to 2023. Rotate all credentials accessible from the SD-WAN management plane.
   • Patch Juniper routers and Trend Micro Apex One within 24 hours. Apex One gets priority because a compromised security agent creates a detection blind spot.
   • Scan all FreePBX instances for EncystPHP webshell presence and apply CVE-2025-64328 patch by end of week.
   • Patch Zyxel devices (CVE-2025-13942) and SolarWinds Web Help Desk (CVE-2025-40552/CVE-2025-40553) within 48 hours.

   Sources:Risky Bulletin: Russian man investigated for extorting Conti ransomware group · Ransomware groups switch to stealthy attacks and long-term access · Critical Flaws Exposed Smart Gardens to Remote Hacking · 🎓️ Vulnerable U | #157

2. 02

   SaaS-Native Espionage and the Collapse of Trusted Traffic Assumptions

   <h3>Google Sheets as Nation-State C2 — For Nine Years</h3><p>Google disrupted a massive Chinese espionage operation by <strong>UNC2814</strong> that maintained footholds in <strong>53 organizations across 42 countries</strong>, primarily targeting telecoms and government agencies. The group's <strong>GRIDTIDE malware</strong> used the Google Sheets API for command-and-control, making malicious traffic indistinguishable from normal business operations. UNC2814 has been active since <strong>2017</strong>, targeting call records, SMS messages, and PII for surveillance of dissidents and activists.</p><p>The technique is devastatingly simple: Google Sheets traffic is HTTPS, goes to trusted Google IPs, and is whitelisted by virtually every corporate proxy and CASB. C2 instructions and exfiltrated data look like normal spreadsheet reads and writes. Google's response included destroying attacker cloud projects, disabling accounts, sinkholing domains, and releasing IOCs — but the <strong>technique itself</strong> is the real concern.</p><blockquote>If your detection stack relies on domain reputation, IP blocklists, or even basic traffic analysis, you would not have caught this. The C2 channel was indistinguishable from a user updating a spreadsheet.</blockquote><hr><h3>Google API Keys: Retroactive Privilege Escalation</h3><p>Truffle Security research revealed that Google's integration of <strong>Gemini into Google Cloud projects</strong> fundamentally changed the security posture of API keys that Google's own documentation historically classified as non-secrets. Google Maps and Firebase API keys — which developers were explicitly told could be embedded in public HTML and JavaScript — now unlock access to <strong>private Gemini AI data including prompts, uploaded files, and cached content</strong>. Thousands of exposed keys are confirmed affected.</p><p>This is not a vulnerability with a CVE — it's a <strong>platform design decision</strong> that retroactively changed the blast radius of credentials already in the wild. Secret scanning tools historically classify Google API keys as low severity or informational. The attack chain is trivial: scrape public websites for Google API keys, check if Generative Language API is enabled, exfiltrate data.</p><hr><h3>Multi-Ecosystem Supply Chain Poisoning</h3><p>Three distinct supply chain attacks were identified across different package ecosystems simultaneously:</p><ul><li><strong>npm</strong>: Malicious package <em>ambar-src</em> hit 50,000+ downloads in days</li><li><strong>NuGet</strong>: Fake Stripe payment utility stealing API tokens from developers</li><li><strong>Chrome extensions</strong>: CrashFix variant using JavaScript promise bombs</li></ul><p>The npm download velocity is particularly alarming — 50,000 downloads in days suggests either typosquatting on a popular package or active promotion through compromised channels.</p>

   Action items

   • Deploy detection rules for Google Sheets-based C2 patterns by end of week: monitor for programmatic Sheets API access from server infrastructure, high-frequency read/write cycles to single documents, and Sheets access from processes without user sessions.
   • Audit all Google Cloud projects for API keys with Gemini/Generative Language API access enabled by March 7. Cross-reference against keys in public repos, client-side JavaScript, and mobile apps. Rotate or restrict immediately.
   • Update secret scanning tools (TruffleHog, GitLeaks, GitHub Advanced Security) to flag Google API keys as HIGH severity, not informational, by March 7.
   • Deploy or verify automated dependency scanning across npm, NuGet, and Chrome extension ecosystems with block-on-malicious policies in CI/CD pipelines by end of sprint.

   Sources:Risky Bulletin: Russian man investigated for extorting Conti ransomware group · Ransomware groups switch to stealthy attacks and long-term access · 🎓️ Vulnerable U | #157 · New IT roles emerge to tackle AI evaluation · The authoritarian AI crisis has arrived · Block layoffs 🚫, lying to the browser ⏰️, Nano Banana 2 🍌

3. 03

   Ransomware's Structural Pivot: Data Theft Surpasses Encryption as Primary Extortion Model

   <h3>The Numbers Tell the Story</h3><p>Two data points should reshape your defensive priorities immediately:</p><ul><li><strong>Data-theft-only extortion</strong> accounted for <strong>57% of all cyber insurance claims</strong> in 2025, surpassing ransomware encryption for the first time (Resilience)</li><li>Ransomware payments <strong>stagnated at $820 million</strong> in 2025 despite a <strong>50% increase</strong> in attack volume (Chainalysis)</li><li>Only <strong>28% of victims paid</strong> — potentially an all-time low — while median ransom jumped 368% to ~$60,000</li></ul><p>The implication is clear: organizations have gotten better at recovering from encryption through backups, immutable storage, and tested restoration procedures. Attackers are adapting by pivoting to pure data theft, where your backup strategy provides zero protection.</p><blockquote>Your data loss prevention and exfiltration detection capabilities are now more important than your backup and recovery posture. If your DLP program is immature or your network monitoring can't detect large-volume data exfiltration, you're exposed to the dominant attack model.</blockquote><hr><h3>The Parasitic Persistence Model</h3><p>Ransomware groups are abandoning the loud, fast smash-and-grab encryption model in favor of <strong>"parasitic residency"</strong> — establishing stealthy, long-term access that enables recurring monetization. They're behaving more like APTs: abusing <strong>identity controls</strong>, persisting through trusted applications and integrations, and avoiding the encryption trigger that most detection stacks are built to catch.</p><p>The emergence of <strong>Stealite RAT</strong> — a SaaS-style tool combining data theft and ransomware management in a single platform — accelerates this by giving less-skilled affiliates a turnkey platform for the full kill chain. This collapses what used to be two separate detection opportunities into one.</p><p>Meanwhile, the ecosystem remains resilient: <strong>85 active extortion groups</strong> operate with shared infrastructure between criminal and state actors. After law enforcement took down the RAMP forum, new forums <strong>T1erOne</strong> and DragonForce's <strong>Rehub</strong> emerged as replacements within weeks. Bulletproof hosting providers and proxy networks are shared between ransomware crews and state-sponsored actors from Iran, Russia, and China.</p><hr><h3>Social Engineering Evolution</h3><p>The <strong>Scattered Lapsus$ Hunters (SLH)</strong> group is <strong>recruiting women at $500-$1,000 per call</strong> specifically to conduct vishing attacks against enterprise help desks. The explicit goal: bypass security awareness training that has conditioned help desk staff to be suspicious of certain caller patterns. This is <em>adversarial adaptation to your training program</em>.</p><p>Separately, a low-skill Russian-speaking actor used <strong>multiple commercial AI services</strong> to compromise over <strong>600 FortiGate devices across 55+ countries</strong> in roughly one month. The methods were basic — mass scanning for exposed management interfaces and credential stuffing — but AI generated custom tooling, attack plans, and step-by-step instructions. Critically, <em>when the attacker hit properly hardened targets, they simply moved on</em> — confirming basic hygiene remains the primary differentiator.</p>

   Action items

   • Review and upgrade DLP and exfiltration detection capabilities by end of Q1. Ensure IR playbooks have a dedicated runbook for exfiltration-without-encryption scenarios.
   • Update help desk identity verification procedures to require callback verification for privileged actions by March 14, regardless of caller characteristics.
   • Verify all FortiGate management interfaces are not exposed to the internet and enforce MFA on all admin access by March 7.
   • Conduct a persistence-focused threat hunt this quarter targeting scheduled tasks, WMI event subscriptions, new service principals, and OAuth app consents.

   Sources:Risky Bulletin: Russian man investigated for extorting Conti ransomware group · Ransomware groups switch to stealthy attacks and long-term access · 🎓️ Vulnerable U | #157 · New IT roles emerge to tackle AI evaluation

4. 04

   Pentagon AI Coercion, Vendor Trust Erosion, and the CISA Leadership Collapse

   <h3>The Defense Production Act as AI Vendor Coercion</h3><p>Defense Secretary Pete Hegseth delivered an ultimatum to Anthropic CEO Dario Amodei: agree to <strong>"all lawful use"</strong> of Claude models by the military by 5:01 PM Friday February 27, or face invocation of the <strong>Defense Production Act</strong> and designation as a <strong>"supply chain risk for the Department of War"</strong> — a classification previously reserved for entities like Huawei. Anthropic refused, drawing red lines at mass domestic surveillance and fully autonomous weapons.</p><p>The precedent matters more than the specific standoff. Google, OpenAI, and xAI have already capitulated to the "all lawful use" standard. Anthropic is the <strong>only AI contractor operating on classified Pentagon networks</strong> (under a $200M contract) and the only holdout. There are <strong>essentially no federal laws</strong> governing military AI — no statute addresses autonomous weapons, no regulation sets standards for AI-assisted surveillance. When the Pentagon says "all lawful use," the phrase is functionally meaningless as a constraint.</p><blockquote>When the government can compel your AI vendor to remove safety controls using a Korean War-era munitions law, your vendor's acceptable use policy is not a security control — it's a suggestion.</blockquote><hr><h3>Anthropic's Contradictory Safety Posture</h3><p>On the same day Anthropic publicly refused the Pentagon's demands, the company <strong>quietly dropped its core Responsible Scaling Policy pledge</strong> — the foundational commitment not to train more capable models without proven safety measures. Chief Science Officer Jared Kaplan called the RSP <strong>"unilateral disarmament."</strong> This creates a binary vendor risk scenario: Anthropic is simultaneously the most safety-conscious frontier AI vendor <em>and</em> one that just abandoned its signature safety commitment under competitive pressure.</p><p>For organizations that selected Claude specifically for its safety positioning, this contradiction demands reassessment. AI-assisted offensive operations are already operational — a hacker used Claude to steal <strong>160GB of Mexican government data</strong> including 195 million taxpayer records.</p><hr><h3>CISA in Crisis</h3><p><strong>Madhu Gottumukkala stepped down as CISA's acting director</strong>, replaced by Nick Andersen in an interim capacity. The permanent nominee, Sean Plankey, remains stalled in Senate confirmation. Former officials describe CISA as <strong>"decimated," "amateur hour,"</strong> and <strong>"pretty much fallen apart."</strong></p><p>If your security program depends on CISA in any way — KEV catalog for vulnerability prioritization, ICS-CERT advisories, JCDC coordination, or Shields Up campaigns — you are operating with a degraded partner. The KEV catalog has become a de facto standard for vulnerability prioritization across federal and private sector organizations, and BOD 22-01 compliance depends on timely updates.</p><p>Meanwhile, the <strong>Health Care Cybersecurity and Resiliency Act</strong> advanced through the Senate HELP Committee with bipartisan support, born from the 2024 Change Healthcare attack. This will modernize HIPAA security controls and create new compliance mandates for anyone touching healthcare data.</p>

   Action items

   • Conduct an Anthropic/Claude vendor risk assessment by March 14. Document all dependencies, evaluate whether compliance posture relied on now-abandoned safety commitments, and prepare two-branch contingency plans (blacklisted vs. compliant scenarios).
   • Audit dependency on CISA-sourced threat intelligence by March 14. Map every process consuming CISA outputs (KEV catalog, advisories, emergency directives) and activate redundant sources (NIST NVD, vendor advisories, commercial feeds, ISACs).
   • Add 'government compulsion risk' as a category in AI vendor risk assessments this quarter. Include contractual requirements for notification if model behavior is altered by government order.
   • If you process healthcare data, begin gap assessment against Health Care Cybersecurity and Resiliency Act requirements this quarter: modernized HIPAA controls, incident response planning, third-party risk management.

   Sources:The authoritarian AI crisis has arrived · Anthropic CEO Says Company Won't Agree to Pentagon Demands · Weekly Top Picks #115 · Gottumukkala out, Andersen in as acting CISA director