Cyber authorities issued their second emergency directive in three weeks. This one requires agencies to mitigate or disconnect potentially compromised F5 devices and services.

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.

Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.

The company confirmed to CyberScoop that an unidentified cybercriminal accessed SonicWall’s customer portal through a series of brute-force attacks.

The vulnerability, which Cisco said it discovered during internal security testing, could allow unauthenticated attackers to execute high-privilege commands.

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…