SD-WAN 0-Day Vulnerability, Critical CVEs, Telegram Probe, Smart TV Proxy SDK, and More Security Updates
Cybersecurity Landscape Shifts as Threat Actors Evolve Tactics
The past week has seen a significant escalation in the tactics employed by threat actors, with a notable increase in the exploitation of vulnerabilities, AI-powered attacks, and sophisticated phishing campaigns. As the threat landscape continues to evolve, organizations must remain vigilant and adapt their security strategies to address the emerging risks.
Cisco SD-WAN Zero-Day Exploited Since 2023
A newly disclosed zero-day vulnerability in Cisco’s Catalyst SD-WAN Controller and Catalyst SD-WAN Manager has been actively exploited since 2023. The vulnerability, tracked as CVE-2026-20127, allows an unauthenticated remote attacker to bypass authentication and gain administrative privileges on an affected system. Cisco has credited the Australian Signals Directorate’s Australian Cyber Security Centre (ASD-ACSC) for reporting the vulnerability.
Google Disrupts UNC2814 GRIDTIDE Campaign
Google has disrupted the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814, which has breached at least 53 organizations across 42 countries. The group’s operations involve a novel backdoor dubbed GRIDTIDE, which abuses the Google Sheets API as a communication channel to disguise C2 traffic and to carry raw data and shell commands.
Threat Actors Target High-Value Sectors
Threat actors are increasingly targeting high-value sectors, including education and healthcare. A previously undocumented threat activity cluster known as UAT-10027 has been attributed to an ongoing malicious campaign targeting these sectors in the US since at least December 2025. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.
AI-Powered Attacks on the Rise
AI-powered attacks are becoming increasingly prevalent, with threat actors using AI to expand their reach and improve efficiency. A new research report from Orca Security has highlighted how AI can become a “third dimension” of lateral movement, allowing attackers to manipulate LLMs and cause significant security incidents.
Ransomware Operations Target Russian and Belarusian Enterprises
A ransomware operation called C77L has been tied to at least 40 attacks on Russian and Belarusian enterprises since March 2025. The group is assessed to be operating out of Iran and gains initial access to target networks by exploiting weak passwords on publicly exposed RDP and VPN endpoints.
Cybercrime Operations Continue to Evolve
Cybercrime operations continue to evolve, with threat actors using new tactics and techniques to carry out attacks. A phishing campaign dubbed GTFire is abusing Google Firebase to host phishing pages and Google Translate to disguise malicious URLs and bypass web security filters. The campaign is estimated to have harvested thousands of stolen credentials associated with over a thousand organizations.
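For analysts triaging links from a campaign like GTFire, the useful step is to strip the Google Translate wrapper and look at where the page is really hosted. The following is an added example, not code from the original report: it unwraps both Google Translate link forms and flags origins on Firebase Hosting's default domains. It assumes the translate.goog hostname encoding observed in practice ('.' becomes '-', a literal '-' becomes '--') and the default Firebase domains; the sample URLs are constructed, not indicators from the campaign.

```python
import re
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
# Proxy suffix and Firebase Hosting default domains (assumed from the services'
# public behaviour, not values taken from the campaign report).
TRANSLATE_PROXY_SUFFIX = ".translate.goog"
FIREBASE_SUFFIXES = (".web.app", ".firebaseapp.com")

def decode_translate_host(host: str) -> Optional[str]:
    """Recover the origin hostname from a *.translate.goog proxy host.
    Assumed encoding: '.' becomes '-' and a literal '-' becomes '--', so
    en-wikipedia-org.translate.goog stands for en.wikipedia.org."""
    host = host.lower()
    if not host.endswith(TRANSLATE_PROXY_SUFFIX):
        return None
    label = host[: -len(TRANSLATE_PROXY_SUFFIX)]
    parts = re.split(r"(?<!-)-(?!-)", label)  # split only on single hyphens
    return ".".join(p.replace("--", "-") for p in parts)

def unwrap_url(url: str) -> str:
    """Return the origin URL behind either Google Translate form, else url unchanged."""
    s = urlsplit(url)
    host = (s.hostname or "").lower()
    params = parse_qsl(s.query, keep_blank_values=True)
    if host == "translate.google.com" and s.path == "/translate":
        # Classic form: the target URL travels in the 'u' query parameter.
        return next((v for k, v in params if k == "u"), url)
    origin_host = decode_translate_host(host)
    if origin_host is None:
        return url
    # Proxy form: drop the proxy's own _x_tr_* parameters, keep the origin's path.
    keep = [(k, v) for k, v in params if not k.startswith("_x_tr_")]
    return urlunsplit((s.scheme, origin_host, s.path, urlencode(keep), ""))

def triage(url: str) -> dict:
    """Flags an analyst wants for one URL pulled from mail or proxy logs."""
    origin = unwrap_url(url)
    origin_host = (urlsplit(origin).hostname or "").lower()
    return {
        "origin": origin,
        "translate_proxied": origin != url,
        "firebase_hosted": origin_host.endswith(FIREBASE_SUFFIXES),
    }

# Constructed sample URLs, not indicators from the campaign.
SAMPLES = [
    "https://example--login-web-app.translate.goog/auth/index.html?_x_tr_sl=auto&_x_tr_tl=en",
    "https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fexample-login.firebaseapp.com%2Flogin",
    "https://docs.example.com/guide",
]
```

Running `triage` over each entry in SAMPLES shows the first two resolving to Firebase-hosted origins behind a translate wrapper, while the third is left untouched.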
Law Enforcement Actions
Law enforcement agencies have taken action against cybercrime operations, with 30 members of an underground online community known as The Com arrested in a coordinated operation led by Europol. The operation, launched in January 2025, has been codenamed Project Compass.
Conclusion
The cybersecurity landscape is shifting rapidly, with threat actors evolving their tactics and techniques to exploit vulnerabilities and carry out sophisticated attacks. Organizations must remain vigilant and adapt their security strategies to address the emerging risks. By staying informed and proactive, organizations can reduce their risk of falling victim to these evolving threats.
