Morning Overview on MSN

Cisco’s sixth SD-WAN zero-day of 2026 gives remote attackers admin access through an authentication bypass — CISA confirms active exploitation

A remote attacker with no valid credentials can now seize full administrative control of certain Cisco SD-WAN devices, and ...
The Hacker News

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

CISA added CVE-2026-20182, a CVSS 10.0 Cisco Catalyst SD-WAN Controller authentication bypass flaw, to its KEV catalog.
The Hacker News

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

CVE-2026-20182 bypasses Cisco SD-WAN auth via DTLS port 12346, enabling admin access after May 2026 exploitation.
Threat Post

Zero Day in Android’s Google Admin App Can Bypass Sandbox

The Android security team at Google is having a busy month. First the Stagefright vulnerabilities surfaced last month just before Black Hat and now researchers at MWR Labs have released information on ...
ZDNet

Sandbox bypass in Android Google Admin console revealed

A security flaw allows third-party applications to bypass sandbox restrictions in the Google Admin console has been disclosed. Posted on Full Disclosure on Friday, Rob Miller, senior security ...

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain ...
Dark Reading

Critical Ivanti vTM Bug Allows Unauthorized Admin Access

Ivanti has patched another major vulnerability, this time affecting its Virtual Traffic Manager (vTM). Ivanti vTM is an application delivery controller (ADC) within its vADC (Virtual Application ...