By Matt Kapko
Publication Date: 2026-02-25 23:51:00
Attackers have been exploiting a pair of zero-day vulnerabilities in Cisco’s network edge software for at least three years, and the global campaign is ongoing, authorities said across a series of warnings released Wednesday.
The Cybersecurity and Infrastructure Security Agency issued an emergency directive about the global attacks and issued joint guidance with the Five Eyes to help defenders respond and hunt for evidence of compromise.
This marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. Both campaigns resulted in CISA emergency directives months after the attacks were first detected, and both attack sprees were underway for at least a year before they were identified.
Authorities refrained from attributing the attacks to any nation state or threat group. Cisco Talos researchers assigned the exploits and post-compromise activity to UAT-8616, which they only described as a “highly…
