Cisco says hackers have been exploiting a critical bug to break into big customer networks since 202

Cisco says hackers have been exploiting a bug in one of its popular networking products used by large enterprises for at least three years, prompting the U.S. government and its allies to urge organizations to take action.
The bug, which has a maximum-rated vulnerability severity score of 10.0, allows hackers to remotely break into networks running its Catalyst SD-WAN products, which allow large companies and government agencies with multiple offices to connect their private networks over long distances.
By exploiting this bug over the internet, hackers can gain the highest level of permissions to these devices and maintain persistent hidden access inside a victim’s network, allowing them to spy or steal data over a long period of time.
Cisco said that after discovering the bug, its researchers traced evidence of exploitation as far back as 2023. Some of the affected organizations are said to be critical infrastructure. The company did not provide specifics, but “critical infrastructure” can refer to everything from power grids and water supply to the transportation sector.
Several governments, including Australia, Canada, New Zealand, the United Kingdom, and the United States, warned in an alert that threat actors are targeting organizations “globally.”
U.S. cybersecurity agency CISA ordered all civilian federal agencies to patch their systems by end-of-day Friday, citing an imminent threat and unacceptable risk to the federal government. The federal cybersecurity agency, which is currently running at reduced capacity due to a partial government shutdown, said it was aware of ongoing exploitation.
Neither Cisco nor the governments attributed the attacks to a specific threat group or nation state, if known, but tracked one cluster of activity as UAT-8616.
In December, Cisco warned of a similarly rated 10.0 vulnerability in the Async software that runs most of its products, which was being actively used to hack into its customer networks.
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.
He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.
© 2026 TechCrunch Media LLC.
AI Description
Cisco has identified a critical bug in its networking gear that has been exploited by hackers for years. The U.S. government and its allies have urged organizations to patch this vulnerability.