The defect marks the seventh actively exploited zero-day in Cisco SD-WANs this year, and the vendor has yet to release a patch.

AI is breaking things faster than anyone can fix them. Security leaders across the industry are racing to figure out what comes next.

The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems.

Investigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025.

GreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks.

The program comes as the tech industry races to secure software before similar AI-powered offensive capabilities become too much for defenders to handle.

Cisco’s response to the latest SD-WAN and firewall defects has been fast, but the harder question is how long sophisticated actors had a head start — and…

The vendor said it’s not aware of any active exploitation of the vulnerabilities, which could allow remote attackers to achieve root access and execute code.

The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there.

Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November.