✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Telecommunications
Breach intelligence, attack campaigns, and threat reports targeting the Telecommunications sector.
Explore Other Sectors
Telecommunications Threat Reports
Poland's Crackdown on SIM-Swap Crypto Theft: A 2026 Case Study
In June 2026, Polish authorities, with support from the FBI and Homeland Security Investigations, arrested four individuals involved in a sophisticated SIM-swapping scheme targeting cryptocurrency exchanges. The perpetrators breached IT systems of entities collaborating with telecom operators, using specialized software and social engineering to access employee email accounts. This enabled them to hijack victims' phone numbers, intercept SMS messages, and gain control over cryptocurrency exchange accounts, resulting in the theft and laundering of digital assets exceeding tens of millions of Polish zloty. ([thecoinomist.com](https://thecoinomist.com/news/poland-detains-four-sim-swap-crypto-heist-merry-linked/?utm_source=openai)) This incident underscores the escalating threat of SIM-swapping attacks in the cryptocurrency sector, highlighting the need for enhanced security measures beyond SMS-based two-factor authentication. The collaboration between Polish authorities and U.S. agencies reflects the global nature of cybercrime and the importance of international cooperation in combating such threats.
13 hours ago
Kill Chain
Cisco SD-WAN Zero-Day CVE-2026-20245 Exploited
In June 2026, a high-severity zero-day vulnerability, CVE-2026-20245, was discovered in Cisco Catalyst SD-WAN Manager. This flaw allows authenticated attackers with netadmin privileges to execute arbitrary commands as root by uploading specially crafted files. Exploitation of this vulnerability has been observed in the wild, leading to unauthorized configuration changes on edge devices. Notably, attackers have been exploiting this vulnerability for months prior to its public disclosure, highlighting significant security gaps in the SD-WAN infrastructure. The exploitation of CVE-2026-20245 underscores a concerning trend of increasing attacks targeting SD-WAN solutions. Organizations relying on Cisco's SD-WAN products must prioritize immediate mitigation strategies, as the absence of a patch leaves systems vulnerable to potential breaches and operational disruptions.
13 hours ago
Kill Chain
Cisco SD-WAN Vulnerability Exploited Two Months Before Disclosure
In March 2026, attackers began exploiting a critical vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN, two months prior to its public disclosure. This flaw allows authenticated users with netadmin privileges to escalate to root-level access by uploading a crafted file, due to insufficient input validation in the command-line interface. Exploitation was observed in service provider environments, where attackers gained initial access via rogue peering connections, potentially by leveraging other vulnerabilities such as CVE-2026-20182 or CVE-2026-20127. The incident underscores the increasing targeting of network infrastructure by threat actors, highlighting the necessity for organizations to promptly apply security patches and monitor for unauthorized access. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20245 to its catalog of known exploited vulnerabilities on June 4, 2026, emphasizing the urgency of remediation efforts.
20 hours ago
Kill Chain
Terrabot Botnet's 2026 Exploitation of IoT Vulnerabilities
In June 2026, the Terrabot botnet, an aggressive IoT malware variant derived from Mirai and Gafgyt frameworks, was observed scanning the internet for vulnerabilities to exploit and expand its network of compromised devices. The botnet targeted known vulnerabilities in legacy D-Link DSL routers (CVE-2016-20017) and Dasan GPON routers (CVE-2018-10561), attempting unauthenticated command injections. However, due to automation errors, such as empty POST request bodies and malformed payloads, many of these exploit attempts failed, highlighting the botnet's technical limitations. ([isc.sans.edu](https://isc.sans.edu/diary?utm_source=openai)) This incident underscores the persistent threat posed by IoT botnets, even those with flawed execution, as they continue to exploit unpatched vulnerabilities in widely used devices. The rapid proliferation of such botnets emphasizes the need for robust security measures, timely patching, and vigilant monitoring to protect against automated cyber threats.
20 hours ago
Kill Chain
Cisco SD-WAN Zero-Day Exploited in Communications Provider Breach
In early 2026, a sophisticated threat actor exploited a zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager to infiltrate a communications service provider's network. The attacker gained root-level access by uploading a malicious CSV file, creating a rogue user account named 'troot,' and potentially achieving undetected visibility into the provider's internal traffic. Cisco has since patched the flaw, but the full extent of the compromise remains unclear due to the attacker's anti-forensic measures. This incident underscores the increasing targeting of edge devices by cyber adversaries, highlighting the need for enhanced security measures in network management platforms. Organizations are urged to prioritize patching, implement robust monitoring, and adopt zero-trust architectures to mitigate similar threats.
22 hours ago
Kill Chain
Cisco SD-WAN Zero-Day CVE-2026-20245: Active Exploitation with No Patch Available
In June 2026, Cisco disclosed CVE-2026-20245, a high-severity zero-day vulnerability in its Catalyst SD-WAN Manager, which was actively exploited in the wild. This flaw allows authenticated attackers with netadmin privileges to upload crafted files and execute arbitrary commands as root, potentially compromising the entire SD-WAN infrastructure. The vulnerability affects all deployment types, including on-premises, Cloud-Pro, Cisco Managed Cloud, and FedRAMP environments. Notably, this marks the seventh SD-WAN zero-day exploited in 2026, highlighting a concerning trend of targeted attacks on Cisco's SD-WAN solutions. Organizations utilizing Cisco SD-WAN should prioritize mitigating this vulnerability by restricting and auditing netadmin accounts, isolating management interfaces, and monitoring for anomalous command executions. ([thecybersignal.com](https://www.thecybersignal.com/cisco-catalyst-sd-wan-manager-cve-2026-20245-zero-day-exploited-no-patch-2026/?utm_source=openai))
1 day ago
Kill Chain
Critical Vulnerability in Lantronix EDS5000 Devices Actively Exploited
In June 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about active exploitation of a critical vulnerability in Lantronix EDS5000 Series devices. Identified as CVE-2025-67038 with a CVSS score of 9.8, this code injection flaw allows unauthenticated attackers to execute arbitrary OS commands with root privileges by exploiting improper input sanitization in the HTTP RPC module. The vulnerability was disclosed in April 2026 as part of the BRIDGE:BREAK set of vulnerabilities affecting serial-to-IP converters from Lantronix and Silex. The active exploitation of CVE-2025-67038 underscores the increasing targeting of IoT devices in critical infrastructure. Organizations must prioritize patching vulnerable systems and implementing robust input validation to mitigate such risks.
1 day ago
Kill Chain
CISA Highlights Critical Vulnerabilities in Lantronix and Ubiquiti Devices
On June 23, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation. These vulnerabilities include CVE-2025-67038 affecting Lantronix EDS5000 devices, and three critical issues in Ubiquiti UniFi OS: CVE-2026-34908 (improper access control), CVE-2026-34909 (path traversal), and CVE-2026-34910 (improper input validation). These vulnerabilities are frequently exploited by malicious actors, posing significant risks to federal enterprises. ([cyberleveling.com](https://cyberleveling.com/blog/unifi-os-cve-2026-34908-34909-34910-critical?utm_source=openai)) The inclusion of these vulnerabilities in the KEV Catalog underscores the ongoing threat posed by unpatched systems. Organizations are urged to prioritize remediation efforts to mitigate potential exploits, especially given the critical nature of these vulnerabilities and their potential impact on network infrastructure.
1 day ago
Kill Chain
Critical Cisco Unified CM Vulnerability CVE-2026-20230 Exploited in the Wild
In June 2026, a critical server-side request forgery (SSRF) vulnerability, identified as CVE-2026-20230, was discovered in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME). This flaw allows unauthenticated remote attackers to send crafted HTTP requests, enabling arbitrary file writes to the underlying operating system and potential privilege escalation to root. The vulnerability specifically affects deployments with the WebDialer service enabled, which is disabled by default. Cisco has assigned a Security Impact Rating of Critical due to the severity of the potential exploit. The public availability of proof-of-concept exploit code has led to active exploitation of this vulnerability in the wild. Organizations using affected Cisco Unified CM versions are urged to apply the provided patches immediately or disable the WebDialer service to mitigate the risk of unauthorized access and control over their telephony infrastructure.
1 day ago
Kill Chain
U.S. Authorities Dismantle Huione Group's Cybercrime Infrastructure in 2026
In June 2026, the U.S. Department of Justice seized a cloud computing account linked to subsidiaries of the Cambodia-based Huione Group, a conglomerate implicated in extensive cyber scams and money laundering activities. This infrastructure supported Huione Guarantee, a Telegram-based marketplace facilitating the sale of stolen personal data, malware-enabled thefts, and laundering of proceeds from various scams, including romance and investment frauds. The operation disrupted a significant node in the global cybercrime ecosystem, which had laundered over $4 billion in illicit funds between August 2021 and January 2025. This action underscores the escalating efforts by U.S. authorities to dismantle transnational cybercriminal networks exploiting digital platforms for large-scale fraud. The seizure highlights the critical need for robust cybersecurity measures and international cooperation to combat the evolving landscape of cyber threats targeting individuals and financial systems worldwide.
1 day ago
Kill Chain
Critical Cisco Unified CM Vulnerability CVE-2026-20230 Under Active Exploitation
In June 2026, a critical server-side request forgery (SSRF) vulnerability, identified as CVE-2026-20230, was discovered in Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified CM SME). This flaw allows unauthenticated remote attackers to send crafted HTTP requests, enabling them to write files to the underlying operating system and potentially escalate privileges to root. Cisco released security updates on June 3, 2026, to address this vulnerability. ([sec.cloudapps.cisco.com](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW?vs_f=Cisco+Security+Advisory%26vs_cat%3DSecurity+Intelligence%26vs_type%3DRSS%26vs_p%3DCisco+Unified+Communications+Manager+Server-Side+Request+Forgery+Vulnerability%26vs_k%3D1&utm_source=openai)) By June 23, 2026, threat intelligence firm Defused reported active exploitation of this vulnerability in the wild. Attackers were observed using file:// payloads to create test files on vulnerable devices, indicating reconnaissance activities. The availability of a proof-of-concept exploit increases the urgency for organizations to apply the provided patches promptly.
2 days ago
Kill Chain
Tata Electronics Cyberattack: A Wake-Up Call for Supply Chain Security
In June 2026, Tata Electronics, a division of the Tata Group specializing in electronic components and semiconductor manufacturing, confirmed a cyberattack that impacted parts of its IT infrastructure. The company stated that operations remained unaffected. The World Leaks threat group claimed responsibility, leaking over 200,000 files totaling approximately 630 GB, including sensitive manufacturing data for Apple and Tesla products. The leaked information comprises internal component schematics, PCB designs, material specifications, and SDK files. ([business-standard.com](https://www.business-standard.com/companies/news/tata-electronics-hit-by-cyber-breach-exposing-apple-tesla-trade-secrets-126062201241_1.html?utm_source=openai)) This incident underscores the escalating threat posed by data extortion groups like World Leaks, which focus on stealing and leaking sensitive corporate data without deploying traditional ransomware. The breach highlights the critical need for robust cybersecurity measures and supply chain security, especially for companies handling proprietary information of major technology firms. ([business-standard.com](https://www.business-standard.com/companies/news/tata-electronics-cyber-breach-apple-tesla-supply-chain-security-126062300396_1.html?utm_source=openai))
2 days ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports