The Cybersecurity and Infrastructure Security Agency has flagged a new Catalyst SD-WAN Manager vulnerability being actively exploited in attacks, demanding U.S. government agencies patch systems within four days.
CISA issued an urgent directive requiring federal agencies to secure their networks against the newly discovered flaw in Catalyst SD-WAN Manager software. The vulnerability is currently being exploited by threat actors in active attacks.
SD-WAN (Software-Defined Wide Area Network) solutions manage network traffic across distributed locations, making them critical infrastructure components for large organizations. A compromise in this layer threatens the integrity of entire network infrastructures.
The four-day deadline reflects the severity and active exploitation status of the vulnerability. This compressed timeline indicates CISA views the threat level as significant enough to warrant expedited patching across government systems.
The specific technical details of the vulnerability and patch availability were not detailed in the initial advisory, though affected agencies are expected to coordinate with Catalyst for remediation guidance.
This marks another SD-WAN security incident in recent months, highlighting the expanding attack surface targeting network infrastructure tools. Organizations managing distributed networks have become increasingly attractive targets for sophisticated threat actors seeking to establish persistent access across multiple locations.
Government agencies rely heavily on SD-WAN deployments to manage traffic between headquarters, regional offices, and remote locations. A successful exploit could allow attackers to intercept communications, redirect traffic, or maintain long-term persistence across federal networks.
Beyond the government sector, private enterprises operating similar infrastructure should monitor the situation closely. While CISA's directive applies specifically to federal agencies, the vulnerability details will likely become public once patches are deployed, prompting broader organizational security reviews.
Agencies unable to patch within the four-day window are advised to implement compensating controls, including network segmentation, enhanced monitoring, and traffic analysis to detect anomalous SD-WAN activity.
CISA continues monitoring the exploit activity and will provide updated guidance as the situation develops.
Australia's eSafety watchdog will investigate whether major adult websites are allowing users to bypass age verification requirements using virtual private networks (VPNs). The probe follows new regulations introduced in March requiring age checks on adult content.
Dutch National Police have identified strong evidence that Dutch hackers were responsible for a February breach at telecommunications provider Odido. The investigation marks a significant development in the case.
Surveillance technology company Flock Safety did not issue a cease-and-desist letter to The Saturday Salon, a Newport Beach lecture series, despite claims posted on Instagram Thursday. The incident reignites debate over the company's practices and relationship with law enforcement.
The US Cybersecurity and Infrastructure Security Agency revealed it lacked a prepared incident response plan during a recent security event, forcing it to develop procedures in real time.