CCTR.9.MAR.26
Monday morning cyber coffee read CCTR.9.MAR.26.

Cyber threat actors are actively exploiting Cisco Catalyst SD-WAN deployments worldwide via an authentication bypass vulnerability, CVE-2026-20127 (CVSS 10). The activity targets the SD-WAN control plane, enabling attackers to add rogue peers, escalate to root access, and establish long-term persistence across affected environments.
Patch and harden your Cisco Catalyst SD-WAN.
Hunt for indicators of compromise. Refer to the ASD hunt guide https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf
Arctic Wolf https://arcticwolf.com/resources/blog/cve-2026-20127
Now, Juniper is keeping up with Cisco.
A critical vulnerability, CVE-2026-21902, in Juniper Networks Junos OS Evolved running on PTX Series routers allows a threat actor to execute code as root, resulting in full device compromise. No active exploitation has been reported; the issue was identified through internal security testing.
In March 2025, Chinese threat actors were popping end-of-life Junos devices and deploying TinyShell malware for persistent access. So CVE-2026-21902 could be the 2026 opportunity for the same actors.
Patch immediately and ensure affected service interfaces are not exposed to the internet.
New Zealand’s Cyber Security Strategy 2026-2030 frames cyber threats as a core national security issue and accepts that cyber incidents are inevitable. Resilience depends on strong detection and response, backed by trusted partnerships.

I like how it calls out China over the Parliamentary breach in 2021 while also using the CrowdStrike outage in 2024 to show that national-scale disruption does not always require malicious intent.
https://www.dpmc.govt.nz/sites/default/files/2026-02/nz-cyber-security-strategy-2026-30.pdf
In the February 2026 Patch Tuesday release, Microsoft patched CVE-2026-21513 (CVSS 8.8), a security feature bypass vulnerability in the MSHTML framework. The vulnerability affects all supported Windows versions and is actively exploited in the wild by the Russian threat group APT28.

Patch immediately across all Windows endpoints and servers.
Assume multiple delivery mechanisms beyond LNK-based phishing.
Monitor for suspicious MSHTML usage and abnormal shortcut behaviour.