Malicious hackers exploit Cisco zero-day for highest access level at communications service provider

Mandiant discovered attackers exploiting an unpatched Cisco SD-WAN zero-day to achieve root-level access at a communications service provider. This granted them visibility into internal network traffic while evading detection. Communications providers and enterprises running Cisco SD-WAN edge devices are at immediate risk of persistent compromise and lateral movement.

CRITICAL | Advisory | Jun 24, 2026
Action required
Immediately inventory all Cisco SD-WAN controllers and edge devices in your environment. Apply the latest Cisco security patch and validate successful deployment within 24 hours. Hunt for suspicious root-level access logs and unusual inter-site traffic patterns in the past 90 days.
Affected products
Cisco Catalyst SD-WAN Manager

Cisco, Mandiant, Google