The field of cybersecurity continues to face significant challenges, with incidents reported worldwide every week. The stories below span cybercrime, fraud management, and incident response.
Also, Three Ubiquiti Flaws Under Exploitation

Each week, information security professionals follow an array of cybersecurity incidents and breaches occurring worldwide. In recent reports, Mandiant has disclosed significant findings regarding a hacking incident involving Cisco’s SD-WAN infrastructure, as well as ongoing threats targeting Ubiquiti systems, data breaches affecting Canadian utility companies, and revelations pertaining to ransomware operations across the Asia-Pacific region.
How Hackers Exploited a Cisco SD-WAN Flaw
Researchers from Mandiant have released troubling details regarding a successful cyberattack on Cisco’s SD-WAN devices, emphasizing the exploitation of a zero-day vulnerability. This vulnerability, now patched and tracked as CVE-2026-20245, allowed attackers to gain root-level access and covertly control a communications service provider’s network. Cisco acknowledged that the flaw had been exploited prior to the release of patches, leading to varying degrees of unauthorized access.
The incident, spanning from late 2025 to March 2026, entailed several phases of unauthorized activity and indicated that the attackers might have infiltrated the SD-WAN environment through previously compromised credentials or by taking advantage of weaknesses within the SD-WAN controllers. Rogue peering connections were among the observations that signified the attackers’ presence.
Upon infiltrating the system, the intruders modified administrative credentials and deployed a malicious CSV file aiming to exploit the identified flaw, which enabled privilege escalation to root level. This escalation permitted the creation of a concealed account named “troot,” affording the attackers unrestricted access.
Demonstrating a degree of sophistication, the attackers maintained operational security by reverting modified passwords and configuration settings, minimizing the risk of detection by system administrators. They meticulously deleted files and erased traces of their commands, thereby obscuring evidence of their activities.
3 Maximum-Severity Ubiquiti Flaws Under Active Exploitation
In parallel, three maximum-severity vulnerabilities in Ubiquiti’s UniFi OS have come under active exploitation. These vulnerabilities can be chained to facilitate unauthenticated remote code execution with root privileges. The U.S. Cybersecurity and Infrastructure Security Agency has incorporated these vulnerabilities into its Known Exploited Vulnerabilities catalog.
Tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, these security flaws impact a wide range of UniFi OS devices, inclusive of the UniFi OS Server – the self-hosted variant of Ubiquiti’s management platform. Although Ubiquiti disclosed and patched these vulnerabilities in May, security researchers from Bishop Fox highlighted their potential to be combined into a singular exploit, allowing complete system control without authentication.
With UniFi OS managing essential network infrastructure, surveillance cameras, and access control systems, successful exploits could yield severe repercussions, including unauthorized unlocking of doors and the potential to delete or disable crucial camera footage.
Canadian Utility London Hydro Discloses Customer Data Breach
In Canada, London Hydro is investigating a data security incident that may have exposed sensitive customer data. According to a notice posted on their website, the utility company continues to assess the scale of affected information, which includes names, addresses, email addresses, phone numbers, account numbers, pricing plans, and more. Notably, financial information and sensitive personal identifiers like Social Security numbers were not compromised, but the extent of customer impact has yet to be disclosed.
Researchers Warn of Cross-Cloud Bucket Hijacking Risk
Among the emerging threats noted this week, researchers have identified a technique known as “bucket hijacking.” This tactic could allow attackers to redirect sensitive cloud data streams by exploiting the bucket naming conventions employed by major cloud services. The design flaw allows attackers to recreate cloud storage buckets through compromised permissions and subsequently intercept data that would otherwise be directed to legitimate destinations.
Exposed Server Reveals INC Ransomware’s Mainframe Focus
Furthermore, an exposed server connected to the INC ransomware collective has showcased a shift in their targeting strategies. Evidence indicates the group’s focus on IBM mainframes and cross-platform malware development, primarily targeting organizations across the Asia-Pacific region.
Texas Breach Exposes Data of 3M Residents
Additionally, a significant data breach in Texas involving the state’s Parks and Wildlife Department has compromised personal information of over 3 million residents. Details of how the unauthorized access occurred remain vague, and the breach has sparked concerns over the sensitivity of the data compromised.
Gravity SMTP Flaw Targeted in Mass Exploitation Campaign
Lastly, a vulnerability in the Gravity SMTP WordPress plugin has been subjected to mass exploitation efforts aimed at compromising sensitive configuration data. Exploitation attempts surged recently, demonstrating the ongoing risks associated with unsecured software on widely-used platforms.
In conclusion, the security landscape remains dynamic, with rising incidents illuminating the adaptability of cybercriminals and the persistent threats faced by organizations globally.