The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw. Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It’s due to a validation error - the software fails to properly validate user-supplied input - and an authenticated, local attacker can exploit the flaw by uploading a specially crafted file to vulnerable systems. From there, they can escalate privileges and execute commands with root privileges. The vulnerability affects all versions of the SD-WAN software, regardless of device configuration, and across all deployment types including on-premises, cloud-based, and FedRAMP-certified deployments. Switchzilla says it became aware of attacks against this vulnerability in June. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system,” the vendor said. “This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.” Both of these earlier SD-WAN security holes have also been hit by attackers in previous months. The good news: an attacker needs valid credentials to abuse the new hole. The bad news: exposed credentials aren’t hard to find (or buy) online. We don’t know the scope of exploitation or exactly when attackers began hitting this SD-WAN hole. Cisco declined to answer The Register’s questions, and instead sent us a statement via email. “Cisco recommends customers upgrade to the fixed software released in May 2026 for CVE-2026-20182 as a protective measure,” a spokesperson said. “A patch for this vulnerability will be provided on a future date. Customers needing assistance should contact Cisco TAC.” This latest bug is the sixth SD-WAN vulnerability listed as under attack since the start of the year, and the second zero-day in two months. The most recent is the one the Cisco spokesperson mentioned in an email to The Register. In May, Switchzilla disclosed a max-severity make-me-admin bug (CVE-2026-20182) affecting Catalyst SD-WAN Controller and Manager, and warned that attackers had already found and exploited the hole before it issued a patch. A month earlier, America's lead cyber-defense agency said that three Cisco Catalyst SD-WAN Manager bugs (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) were under attack, and gave federal agencies just four days to patch the security holes. Cisco fixed all three CVEs in late February, and in March warned of attackers abusing two of them. Also in February, the networking vendor patched a max-severity improper authentication flaw (CVE-2026-20127) affecting the same SD-WAN software, prompting a Five Eyes countries’ joint intelligence alert urgently warning defenders to patch it - plus an old SD-WAN vulnerability (CVE-2022-20775) - or risk root takeover. "Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally," the UK's lead cyber agency said at the time. "These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN." And while this one isn't listed as under active exploitation (yet), on Wednesday, Cisco warned about a proof-of-concept exploit for CVE-2026-20230, a critical bug in its Unified Communications Manager that also allows attackers to gain root privileges. ®

Humanitarian organization World Food Programme (WFP) says one of its systems was breached, and around 600,000 Gazan households receiving aid had their details improperly accessed. Its announcement, made via Telegram on May 31, confirmed there was “a security incident” in the self-registration application used by Gazans to register for aid and applicants’ names, ID numbers, phone numbers, and location information were among the data types accessed. “We understand this may be concerning, and we want to assure you that protecting your data and privacy is our top priority,” the WFP said. “The program is treating this situation with the utmost seriousness and priority.” The organization said it temporarily suspended the registration platform to urgently apply the necessary security improvements. Its most recent update on the situation came on June 2, when it said the platform was still down, but added that aid recipients did not need to do anything, while their support would continue to be delivered uninterrupted. “The WFP wants to assure all those registered via the link that food assistance, cash assistance, nutritional supplementation, and all other WFP programs are continuing as usual,” it said. “If you are already registered on the Self-Registration Application (SRA), your registration remains valid. There is no need to update, delete, or re-register your information at this time.” WFP told The New Humanitarian, which first reported the story, that the attack was detected on May 14, and confirmed the scale to be in the region of 600,000 households. The news organization also claimed, citing a whistleblower’s account of matters, that an anonymous “independent expert” contacted WFP’s Palestine team, alerting it to vulnerabilities in the SRA two days before the organization detected the breach. The Register contacted WFP’s Rome headquarters for more details, but it did not immediately respond. WFP, which is a division of the UN and the largest welfare organization in the world, supports 1.6 million Palestinians every month who face a malnutrition crisis amid fierce conflict between the territory and neighboring Israel. This represents around 77 percent of the country’s population, and an estimated 80 percent of the population is unemployed, unable to earn the money required to pay for a nutritionally sound diet. WFP delivers wheat flour, high-energy biscuits, and fortified snacks to families, community kitchens, and bakeries in its effort to push back famine, as well as facilitating cash transfers. The organization is also helping individuals get back into paid work, maintains roads, and says that when conditions allow, it will stay in the region and help local people rebuild communities, markets, and other food systems. ®

A City of York Council email mishap exposed the email addresses of hundreds of Blue Badge holders in the ancient Viking capital, inadvertently revealing their status as disabled residents and triggering a data breach investigation. The council confirmed to The Register that it’s investigating what it described as a "personal data breach" after emails sent to residents last week were distributed without using the blind carbon copy (BCC) function, allowing recipients to see everyone else on the mailing list. According to local reports, the council sent three emails containing Blue Badge-related updates before issuing a fourth message acknowledging the error and asking recipients to delete the previous emails, including from their deleted items folders. Recipients were also warned to remain alert for suspicious messages following the incident. While the exposed information appears to have been limited to email addresses, the breach is especially sensitive because everyone on the distribution list was receiving communications intended for Blue Badge holders. In practice, that meant recipients could identify hundreds of people as members of a group generally associated with disabilities or mobility impairments. One affected resident told local media that the disclosure had left her upset because most people in her life were unaware she held a Blue Badge. "Honestly, I think it's just disgusting – we've been given the details of hundreds of disabled people, which feels unsafe," she said. In a statement to The Register, a spokesperson at City of York Council said it activated its data breach procedures as soon as the error was identified and is conducting a risk assessment in line with guidance from the UK Information Commissioner's Office. "We're working carefully to establish exactly what's happened, alongside conducting a thorough risk assessment ... to understand any potential impact on individuals," a spokesperson said. “Our investigation is ongoing, and we’ll continue to be as open as possible while ensuring the accuracy of the information we provide.” The spokesperson declined to say how many individuals were affected or whether the issue was caused by human error or a technical issue. The council added that it was assessing whether the incident meets the threshold for notification to the ICO within the statutory 72-hour reporting window. That may depend less on the email addresses themselves than on what the mailing list revealed. A spokesperson at the ICO told The Register: "We can confirm that we have received a data breach report on this matter, and following an assessment of the information provided we have closed the case with advice given.” For all the talk of AI-powered cyber threats, it seems some organizations remain committed to the classics. ®

The next threat your server faces may have been helped along by a bot. OpenAI's Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched from a single machine to render vulnerable web servers inaccessible in seconds, according to Calif security researchers. The attack works on default HTTP/2 configurations of major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. As of Thursday, Microsoft IIS and Cloudflare Pingora still don’t have a patch, according to the researchers, although Cloudflare disputes this finding. “Cloudflare's existing architecture and DDoS mitigations automatically detect and protect against this attack, making customers resilient to this vulnerability,” a spokesperson told The Register. “No patch is needed.” “We are aware and actively investigating appropriate mitigations to help keep customers protected," a Microsoft spokesperson told The Register. Calif researcher Quang Luong discovered the exploit, named it HTTP/2 Bomb, and will present the full technical details of the attack at the Real World AI Security conference later this month. In the meantime, there are proof-of-concept exploit scripts on GitHub along with a warning from the AI red teaming security shop: “Please don't point these at infrastructure you don't own.” In a Tuesday blog, Luong says Codex chained two existing DoS attack techniques that have been known for more than a decade - HPACK compression bomb and Slowloris-style hold - and warns that upwards of 880,000 websites supporting HTTP/2 and running one of the vulnerable web servers may be affected. An HPACK bomb attack (also known as CVE-2016-6581) exploits the HTTP/2 header compression algorithm (HPACK) by sending thousands of tiny messages to the server, forcing it to rapidly allocate memory and ultimately crash. Then the Slowloris DoS attack (CVE-2016-8740 and CVE-2016-1546) overwhelms the server by opening legitimate connections and maintaining them as long as possible. Combining the two exhausts the server’s memory and forces it offline. “A home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds,” Luong wrote. “Against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds.” The Calif research team disclosed the issue to nginx in April, and the web server’s maintainers fixed it the next day in version 1.29.8, which imports the max_headers directive from freenginx. Apache issued a fix (mod_http2 v2.0.41) the same day that Calif submitted its report, and assigned it CVE-2026-49975. “The fix commits above are public and disclose the vectors directly; any capable AI model can turn those diffs into a working exploit, which is exactly how we found that Microsoft IIS, Envoy, and Pingora are also vulnerable,” the threat hunting team wrote, adding that all three have been notified. In a Wednesday update, Calif pointed to Envoy patches “that appear to mitigate this attack,” and notes that its researchers are still validating the fix to ensure it works. For Microsoft IIS and Cloudflare Pingora, the security sleuths recommend disabling HTTP/2 if possible, or enforcing a cap on the number of HTTP headers a client can send in a single request to the server. The fact that a coding agent - not a human - discovered this attack is notable, according to Calif. “Both halves have been public for a decade,” Luong wrote. “What Codex did was read the codebases, recognize that the two compose, and build the combined attack. That combination is obvious once you see it, and yet as far as we can tell no human had put it together against these servers.” ® Updated at 2023 with statement from Microsoft.