Hacker Free-for-All Over Cisco SD-WAN Flaw

Three-Year Old Zero-Day Under Mass Attack Greg Sirico • March 9, 2026

A flaw in Cisco Software-defined network management software has become a hacker free-for-all, warn cybersecurity experts.

See Also: Why HSMs Are Critical to Digital Asset Security

Cisco, through its Talos threat intel division, warned in late February that a threat actor tracked as "UAT-8616" began exploiting in 2023 a vulnerability in Cisco Catalyst SD-WAN Controller now numbered CVE-2026-20127.

By mid-last week, exploitation of the once carefully used zero day was "no longer targeted activity that was described previously, but now internet-wide and growing," said Ryan Dewhurst, head of threat intelligence at watchtower.

"The largest spike in activity occurred on March 4, with attacks widely spread across various regions worldwide, and U.S.-based areas saw slightly higher activity than others. We expect activity to continue as part of the typical long tail of exploitation, as more threat ...