Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

Thursday, May 14, 2026 at 08:25 PM UTC·Source: Dark Reading

Updated: Thursday, May 14, 2026 at 09:00 PM UTC

Executive Summary

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

Analysis

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

Source Attribution

Originally published by Dark Reading on May 14, 2026.

Related Threats

MEDIUMVulnerability

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana said in a series of

4h agoThe Hacker News

CRITICALVulnerability

Microsoft rejects critical Azure vulnerability report, no CVE issued

A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]

15h agoBleepingComputer

MEDIUMVulnerability

Another detail emerges about Instructure’s agreement with ShinyHunters; Debate continues about whether to pay

Media outlets have been understandably eager to learn whether Instructure paid ShinyHunters after the latter attacked them for a second time on May 7. Considering that they pledged to be more transparent, DataBreaches doesn’t fully understand why Instructure wasn’t more forthright about the payment issue in its update, unless they were trying to avoid encouraging... Source

18h agoDataBreaches.net