Mandiant
Coverage of Mandiant in the Nexus archive.
- Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
A high-severity security flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20245, was exploited by an unknown threat actor as a zero-day for at least two months before public disclosure. Mandiant found the vulnerability allows an authenticated, local attacker to execute arbitrary commands with elevated privileges.
- ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
ShinyHunters exploited an unpatched Oracle PeopleSoft zero-day (CVE-2026-35273) to breach enterprise systems, targeting universities most severely. Google's Mandiant linked the attacks to UNC6240, with activity occurring between May 27 and June 9, just one day before Oracle released its security advisory on June 10.
- Cisco customers encounter another SD-WAN zero-day under attack
Cisco customers are facing another actively exploited zero-day vulnerability (CVE-2026-20245) in its SD-WAN management software, marking the seventh such exploit this year. The flaw allows authenticated attackers to execute commands as root, but Cisco warns no patch or workaround is currently available, and exploitation requires existing credentials or prior vulnerabilities.
- Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group is targeting U.S. law firms and professional services organizations through social engineering attacks, often resulting in data theft within hours. The attacks involve fake IT support calls and are reported by cybersecurity firm Mandiant.
- If you don't fall for these extortionists' calls, they'll show up with USB sticks
A data-theft and extortion group called UNC3753 (also known as Silent Ransom Group) has targeted US banks and law firms using fake help desk calls and in-person USB stick attacks. The group shifts tactics from remote social engineering to physical intrusions when initial methods fail, as confirmed by Google’s Mandiant and corroborated by an FBI alert.
- Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams struggle to confirm fixes despite increased visibility, with a mean time to exploit of -7 days and a median time to remediate edge device vulnerabilities of 32 days. This drives the industry towards change. Remediation programs often fail to confirm their effectiveness.
- Your MTTD Looks Great. Your Post-Alert Gap Doesn't
Anthropic restricted its Mythos Preview AI model after it autonomously discovered and exploited zero-day vulnerabilities across major operating systems and browsers. Security experts warn similar capabilities may proliferate soon, with CrowdStrike reporting an average eCrime breakout time of 29 minutes.