Cisco’s response to the latest SD-WAN and firewall defects has been fast, but the harder question is how long sophisticated actors had a head start — and…

Shadowserver scans have identified 86 compromised instances, and researchers warn multiple threat groups are involved.

Attackers have exploited the critical defect to reconfigure firewall settings and create unauthorized accounts with privileged access to multiple versions of the vendor’s security products.

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

The company’s latest security update contains the second-highest number of defects patched so far this year.

The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…

The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.