Cisco\u2019s latest vulnerability spree has a more troubling pattern underneath | CyberScoop<\/title> <meta name=\"description\" content=\"Cisco\u2019s response to the latest SD-WAN and firewall defects has been fast, but the harder question is how long sophisticated actors had a head start \u2014 and what\u2019s already compromised.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisco-firewall-sd-wan-vulnerabilities-exploited\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Cisco\u2019s latest vulnerability spree has a more troubling pattern underneath\"> <meta property=\"og:description\" content=\"Cisco\u2019s response to the latest SD-WAN and firewall defects has been fast, but the harder question is how long sophisticated actors had a head start \u2014 and what\u2019s already compromised.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisco-firewall-sd-wan-vulnerabilities-exploited\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-18T21:31:36+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-18T21:31:39+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1772477397g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88294\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88294\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisco-firewall-sd-wan-vulnerabilities-exploited%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisco-firewall-sd-wan-vulnerabilities-exploited%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88294 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisco-firewall-sd-wan-vulnerabilities-exploited\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.21269296741\">\n<div class=\"single-article__header-content\" readability=\"35.617582417582\">\n<p> Cisco\u2019s response to the latest SD-WAN and firewall defects has been fast, but the harder question is how long sophisticated actors had a head start \u2014 and what\u2019s already compromised. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88294\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS \/ AFP) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"74.357387185897\"><body readability=\"153.61318713028\"><\/p>\n<p>Cisco customers have confronted a flood of actively exploited vulnerabilities affecting the vendor\u2019s network edge software since late February, and researchers say that five of the nine vulnerabilities Cisco disclosed in its firewalls and SD-WAN systems over the past three weeks have already been exploited in the wild. <\/p>\n<p>Attackers exploited a pair of these defects \u2014 zero-day vulnerabilities in Cisco SD-WANs \u2014 for <a href=\"https:\/\/cyberscoop.com\/cisco-zero-days-cisa-emergency-directive-five-eyes\/\">at least three years<\/a> before the vendor and authorities discovered and issued warnings about the threat. Cisco disclosed an <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sdwan-authbp-qwCX8D4v\">additional five SD-WAN vulnerabilities<\/a> that same day, and three of those defects have since been confirmed actively exploited as well.<\/p>\n<p>Weaknesses lurking in Cisco security products don\u2019t end there. Amazon Threat Intelligence on Wednesday said one of the two max-severity <a href=\"https:\/\/cyberscoop.com\/cisco-critical-vulnerabilities-secure-firewall-management-center-software\/\">defects Cisco reported in its firewall management software<\/a> earlier this month has been actively <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls\/\">exploited by Interlock ransomware<\/a> since Jan. 26, more than a month before those vulnerabilities were publicly disclosed.<\/p>\n<p>Some organizations, officials and members of the security community at large have missed widening risks as more of the defects come under attack. The flurry of Cisco SD-WAN and firewall vulnerabilities includes defects with low CVSS ratings, zero-days and others that were determined actively exploited after disclosure.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThese are not random bugs in low-value software. These are management-plane and control-plane weaknesses in devices at the network edge, which often function as trust anchors in enterprise environments,\u201d Douglas McKee, director of vulnerability intelligence at Rapid7, told CyberScoop.<\/p>\n<p>\u201cIf you compromise SD-WAN or firewall management, you\u2019re landing on policy, visibility, routing, segmentation, and, in many cases, administrative trust over a large swath of the environment,\u201d he added. \u201cAttackers know that and, when they find a pre-auth path into those systems, especially one that can be chained to root, that\u2019s about as attractive as it gets.\u201d<\/p>\n<p>The full slate of recently disclosed Cisco vulnerabilities affecting these systems include:<\/p>\n<p>Researchers from multiple firms and Cisco have observed or been notified of active exploitation of CVE-2026-20127, CVE-2022-20775, CVE-2026-20122, CVE-2026-20128 and CVE-2026-20131.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Cybersecurity and Infrastructure Security Agency has only added two of the defects \u2014 CVE-2022-20775 and CVE-2026-20127 \u2014 to its known exploited vulnerabilities catalog thus far. The agency, which last week added new hunting and reporting requirements to an <a href=\"https:\/\/www.cisa.gov\/news-events\/directives\/v1-ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems\">emergency directive<\/a> it issued for the defects in late February, did not answer questions about the updated order or explain why other actively exploited Cisco vulnerabilities haven\u2019t been added to the catalog. The agency has been operating under a funding shutdown since February.<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-interlock-ransomware-hits-cisco-firewalls\">Interlock ransomware hits Cisco firewalls<\/h4>\n<p>The ongoing ransomware campaign Amazon Threat Intelligence spotted involving CVE-2026-20131 confirmed \u201cInterlock had a zero-day in their hands, giving them a week\u2019s head start to compromise organizations before defenders even knew to look,\u201d researchers said Wednesday.<\/p>\n<p>Interlock\u2019s observed attack path and operations are extensive, including post-compromise reconnaissance scripts, custom remote access trojans, a webshell and legitimate tool abuse. Amazon did not identify specific victims, and said the group threatens organizations with data encryption, regulatory fines and compliance valuations.<\/p>\n<p>\u201cInterlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment,\u201d Amazon Threat Intelligence researchers said in the blog post. These sectors include education, engineering, architecture, construction, manufacturing, industrial, health care and government entities. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h4 class=\"wp-block-heading\" id=\"h-4-cisco-sd-wan-defects-under-attack\">4 Cisco SD-WAN defects under attack<\/h4>\n<p>The swarm of vulnerabilities in Cisco SD-WANs poses additional risk for customers. Cisco Talos previously attributed long-running attacks involving CVE-2026-20127 and CVE-2022-20775 to UAT-8616, but it\u2019s unclear if the same threat group is responsible for all of the Cisco SD-WAN exploits. <\/p>\n<p>\u201cOther threat groups are likely to pick up public research in order to weaponize or adapt it opportunistically, so we may see follow-on attempts by additional threat actors, including low-skilled attackers,\u201d Caitlin Condon, vice president of security research at <a href=\"https:\/\/www.vulncheck.com\/blog\/cisco-sd-wan-manager-vulns\">VulnCheck<\/a>, told CyberScoop.<\/p>\n<p>Researchers said vulnerabilities are often disclosed in clusters after a meaningful defect is identified in a specific product, such as Cisco\u2019s SD-WAN systems.<\/p>\n<p>Cisco declined to answer questions and said customers can find the latest information on its security<a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/publicationListing.x\"> advisories page<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Condon and McKee both noted that Cisco has been responsive in releasing software fixes, threat-hunting intelligence and, in the case of the SD-WAN zero-days, coordinated government guidance. <\/p>\n<p>\u201cThis is what a good crisis response is supposed to look like once exploitation is identified,\u201d McKee said. <\/p>\n<p>\u201cThe harder question is whether the industry is getting early-enough visibility into the defects in edge-management software that sophisticated actors are clearly prioritizing,\u201d he added. \u201cAre our organizations equipped with the right people and tools to perform this level of exposure management?\u201d<\/p>\n<p>The expanding exploits Cisco customers are combating on firewalls and SD-WANs is a reminder that organizations shouldn\u2019t deprioritize less notorious vulnerabilities or those with lower CVSS scores, Condon said. <\/p>\n<p>\u201cSeveral of the exploited vulnerabilities in this tranche of Cisco SD-WAN bugs don\u2019t have critical CVSS scores, meaning teams using CVSS as a prioritization mechanism might miss medium- or high-scored flaws that still have real-world adversary utility,\u201d she added.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The attacks also collectively reflect a persistent pattern of attackers targeting network edge systems from multiple vendors, including Cisco.<\/p>\n<p>\u201cAttackers continue to treat network edge and management infrastructure as prime real estate, and when defenders see pre-authentication, management-plane flaws with evidence of pre-disclosure exploitation, they need to assume compromise, not just exposure,\u201d McKee said. <\/p>\n<p>\u201cAttackers are investing time and capability into finding and operationalizing previously unknown defects in Cisco edge and management infrastructure because the payoff is enormous,\u201d he added. \u201cThese platforms give you a privileged position, broad visibility, and a path to durable access inside high-value organizations. That\u2019s exactly why they keep getting hit.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.737668161435\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisco-firewall-sd-wan-vulnerabilities-exploited\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco\u2019s latest vulnerability spree has a more troubling pattern underneath<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1764,78,452,2659,3119,3297,281,1766,46,3353,256,99,288,4136,643,703,2390,2759,1544,1170],"tags":[1769,86,454,2661,3120,3298,285,1771,54,3357,262,103,294,4140,645,705,2394,2760,1545,1171],"class_list":["post-8443","post","type-post","status-publish","format-standard","hentry","category-cisco","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-exploit","category-firewall","category-firewalls","category-hacking","category-known-exploited-vulnerabilities-kev","category-ransomware","category-rapid7","category-research","category-sd-wan","category-threats","category-vulncheck","category-vulnerabilities","category-vulnerability-disclosure","category-vulnerability-management","category-vulnerability-reporting","category-zero-day","category-zero-days","tag-cisco","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-exploit","tag-firewall","tag-firewalls","tag-hacking","tag-known-exploited-vulnerabilities-kev","tag-ransomware","tag-rapid7","tag-research","tag-sd-wan","tag-threats","tag-vulncheck","tag-vulnerabilities","tag-vulnerability-disclosure","tag-vulnerability-management","tag-vulnerability-reporting","tag-zero-day","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco\/\" rel=\"category tag\">Cisco<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/exploit\/\" rel=\"category tag\">exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewalls\/\" rel=\"category tag\">firewalls<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sd-wan\/\" rel=\"category tag\">SD-WAN<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-management\/\" rel=\"category tag\">Vulnerability Management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-reporting\/\" rel=\"category tag\">vulnerability reporting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day\/\" rel=\"category tag\">Zero-day<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8443"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8443\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8443,"date":"2026-03-18T16:31:36","date_gmt":"2026-03-18T21:31:36","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88294"},"modified":"2026-03-18T16:31:36","modified_gmt":"2026-03-18T21:31:36","slug":"ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/18\/ciscos-latest-vulnerability-spree-has-a-more-troubling-pattern-underneath\/","title":{"rendered":"Cisco\u2019s latest vulnerability spree has a more troubling pattern underneath"},"content":{"rendered":"