"A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller and Catalyst SD-WAN Manager has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request."
"Anthropic accused three Chinese AI firms of engaging in concerted industrial-scale distillation attack campaigns aimed at extracting information from its model. DeepSeek, Moonshot AI, and MiniMax are said to have flooded Claude with large volumes of specially-crafted prompts to elicit responses to train their own proprietary models."
The current threat landscape demonstrates coordinated exploitation across diverse infrastructure and AI systems. A critical Cisco SD-WAN zero-day vulnerability with maximum severity is actively exploited, allowing unauthenticated remote attackers to bypass authentication and gain administrative access. Simultaneously, Chinese AI firms conduct industrial-scale distillation attacks against Anthropic's Claude model by flooding it with crafted prompts to extract training data. These incidents reveal a pattern of sophisticated threat actors targeting network infrastructure, cloud deployments, and AI systems through multiple entry points including authentication bypasses, exposed credentials, and misuse of legitimate services. The convergence of these attacks indicates evolving tactics designed to compromise high-value targets across critical sectors.
#zero-day-vulnerabilities #ai-model-security #network-infrastructure-attacks #authentication-bypass #industrial-espionage
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]