
Cybersecurity Weekly Update: 23 February - 2 March 2026

  • Writer: SOC Team
  • 6 days ago
  • 2 min read

1. Cisco Catalyst SD-WAN Zero-Day Actively Exploited (CVE-2026-20127)


Cisco disclosed and patched a maximum-severity authentication bypass vulnerability (CVSS 10.0) affecting its Catalyst SD-WAN Manager and Controller products. The flaw, tracked as CVE-2026-20127, has reportedly been exploited in the wild since at least 2023, allowing attackers to gain unauthorised administrative access to SD-WAN infrastructure. (techradar.com)


Why it matters: SD-WAN platforms form the backbone of distributed enterprise connectivity, particularly in financial services, defence environments, and large education estates. Successful exploitation allows attackers to manipulate routing policies, intercept traffic, and maintain persistent privileged access across networks.


Action: Apply Cisco’s emergency patches immediately, remove SD-WAN management interfaces from direct internet exposure, enforce multifactor authentication for all administrative access, and review logs for anomalous authentication attempts. Because exploitation reportedly predates the fix by years, patching alone does not evict an attacker who is already present: hunt for unexpected administrator accounts, configuration or routing-policy changes, and logins from unfamiliar sources across the whole period the systems were exposed.

2. AI-Powered Campaign Compromises 600+ FortiGate Firewalls


Security researchers reported that a Russian-speaking threat actor used generative AI tools to automate reconnaissance and brute-force campaigns against exposed Fortinet FortiGate firewall management interfaces. Over 600 devices across more than 55 countries were compromised in a large-scale, automated operation. (securityaffairs.com)


Why it matters: This campaign did not rely on a zero-day vulnerability but instead exploited weak credentials and exposed management services. The use of AI dramatically reduced the time and effort required to scan, test, and compromise systems at scale, demonstrating how automation is amplifying traditional attack techniques.


Action: Ensure firewall management interfaces are not reachable from the public internet, enforce strong unique credentials with MFA, rotate administrative passwords, and monitor for large-scale scanning or repeated failed authentication attempts. Because this campaign used no exploit, the detection signal is volume rather than a signature: one source producing a burst of failed administrator logins, or one source touching many devices, should raise an alert and trigger lockout.
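The log review called for in item 1 and the failed-login monitoring called for here come down to the same detection logic, so one added example serves both. It is not code from this roundup, from Cisco or from Fortinet. The log lines are constructed for illustration, and the field names (date, time, devname, logdesc, user, ui, status) are an assumption modelled on the general key=value style of FortiGate event logs rather than a reference to any vendor schema; the parser should be adjusted to whatever your devices actually emit. It implements two checks: a sliding-window count of failed administrator logins per source and device, escalated if the same source later succeeds, and a cross-device view that catches a source spraying one attempt at many devices, which a per-device threshold never sees.

```python
"""Detect administrator-login brute force and cross-device spraying in
key=value firewall event logs.

Added example; not code from the page, from Cisco or from Fortinet.
Sample lines are constructed. Field names are an assumption modelled on
the general FortiGate key=value style, not a vendor schema reference.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not real). Scenario:
#   203.0.113.7  -> fw-edge-01: five failures in 30 s, then a success (bad)
#   192.0.2.44   -> fw-edge-01: one failure (an operator typo, benign)
#   198.51.100.9 -> fw-edge-01/02/03: one failure each (spray across devices)
SAMPLE_LOGS = """\
date=2026-02-24 time=03:14:02 devname="fw-edge-01" logdesc="Admin login failed" user="admin" ui="https(203.0.113.7)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:14:09 devname="fw-edge-01" logdesc="Admin login failed" user="admin" ui="https(203.0.113.7)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:14:15 devname="fw-edge-01" logdesc="Admin login failed" user="admin" ui="https(203.0.113.7)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:14:22 devname="fw-edge-01" logdesc="Admin login failed" user="admin" ui="https(203.0.113.7)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:14:31 devname="fw-edge-01" logdesc="Admin login failed" user="admin" ui="https(203.0.113.7)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:14:40 devname="fw-edge-01" logdesc="Admin login successful" user="admin" ui="https(203.0.113.7)" status="success"
date=2026-02-24 time=03:20:00 devname="fw-edge-01" logdesc="Admin login failed" user="netops" ui="https(192.0.2.44)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:30:00 devname="fw-edge-01" logdesc="Admin login failed" user="admin" ui="https(198.51.100.9)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:30:05 devname="fw-edge-02" logdesc="Admin login failed" user="admin" ui="https(198.51.100.9)" status="failed" reason="passwd_invalid"
date=2026-02-24 time=03:30:11 devname="fw-edge-03" logdesc="Admin login failed" user="admin" ui="https(198.51.100.9)" status="failed" reason="passwd_invalid"
"""

# key=value pairs; values may be double-quoted and then may contain spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
IP_IN_UI_RE = re.compile(r"\(([^)]+)\)")  # ui="https(203.0.113.7)" -> 203.0.113.7


def parse_line(line):
    """Split one key=value event line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def source_ip(fields):
    """Source address of the attempt; falls back to a srcip field if the
    ui field carries no address."""
    m = IP_IN_UI_RE.search(fields.get("ui", ""))
    return m.group(1) if m else fields.get("srcip", "unknown")


def event_time(fields):
    return datetime.fromisoformat(fields["date"] + "T" + fields["time"])


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failed admin logins per (source, device).

    Returns one alert per (source, device) that reaches `threshold`
    failures inside `window`; the alert is marked success_after=True if
    the same source then logs in successfully (the guessing worked)."""
    failures = defaultdict(deque)   # (src, device) -> recent failure times
    alerts = {}                     # (src, device) -> alert dict
    for line in lines:
        f = parse_line(line)
        if "date" not in f or "time" not in f or "status" not in f:
            continue                # not a login event in this schema
        ts = event_time(f)
        key = (source_ip(f), f.get("devname", "?"))
        if f["status"] == "failed":
            dq = failures[key]
            dq.append(ts)
            while dq and ts - dq[0] > window:
                dq.popleft()        # drop failures older than the window
            if len(dq) >= threshold and key not in alerts:
                alerts[key] = {"src": key[0], "device": key[1],
                               "failures": len(dq), "first": dq[0],
                               "last": ts, "success_after": False}
        elif f["status"] == "success" and key in alerts:
            alerts[key]["success_after"] = True
    return list(alerts.values())


def detect_spray(lines, min_devices=3):
    """Sources whose failed admin logins touch at least `min_devices`
    distinct devices: the one-attempt-per-device pattern that a
    per-device threshold never reaches."""
    devices = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        if f.get("status") == "failed" and "devname" in f:
            devices[source_ip(f)].add(f["devname"])
    return {src: len(d) for src, d in devices.items() if len(d) >= min_devices}


if __name__ == "__main__":
    sample = SAMPLE_LOGS.splitlines()
    for alert in detect_bruteforce(sample):
        print("BRUTE-FORCE", alert)
    for src, count in detect_spray(sample).items():
        print("SPRAY", src, "distinct devices:", count)
```

On the constructed sample this raises one brute-force alert for 203.0.113.7 against fw-edge-01, escalated because the success at 03:14:40 followed five failures, and one spray finding for 198.51.100.9 across three devices; the lone failure from 192.0.2.44 stays quiet. The threshold and window are starting points, not tuned values: set them from your own baseline of legitimate failed admin logins, and treat success_after as an incident rather than a metric.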


3. IBM X-Force Report Highlights Surge in Exploitation and Ransomware


Early coverage of IBM X-Force’s latest threat intelligence findings indicates that vulnerability exploitation accounted for approximately 40% of security incidents in 2025, while ransomware and extortion activity increased significantly year-on-year. (infosecurity-magazine.com)


Why it matters: The continued dominance of exploit-driven intrusions shows that many organisations remain exposed due to delayed patching and insufficient external attack surface management. For sectors handling sensitive personal, financial, or national security data, this trend reinforces the importance of proactive vulnerability governance.


Action: Strengthen vulnerability management programmes with clear remediation SLAs, prioritise internet-facing assets, and integrate threat intelligence into patch prioritisation workflows.


4. Cyber Operations Escalate Amid Middle East Tensions


Reuters reported that multiple Iranian government websites and domestic digital services were targeted in cyber operations following escalating geopolitical tensions involving US and Israeli military actions. (reuters.com)


Why it matters: Geopolitical tensions increasingly spill into cyberspace, with both state-aligned actors and hacktivist groups conducting disruptive or retaliatory operations. Organisations in Europe and allied regions should anticipate potential spill-over effects, including DDoS campaigns, defacements, or opportunistic targeting.


Action: Review DDoS resilience capabilities, validate incident response readiness, and ensure external-facing services have monitoring and rate-limiting controls in place.


Key Recommendations


  • Patch critical network infrastructure immediately, particularly SD-WAN and firewall systems.

  • Remove direct internet exposure from management interfaces wherever possible.

  • Enforce multifactor authentication for all privileged and administrative accounts.

  • Strengthen vulnerability management and prioritise internet-facing assets.

  • Prepare for AI-accelerated attack campaigns by enhancing monitoring and automation detection capabilities.
