Security Bulletin

George Sutton

Critical Cisco SD-WAN Zero-Day Exploited Since 2023

February 3rd, 2026


❓What:

  • A critical authentication bypass vulnerability (CVE-2026-20127) affecting Cisco Catalyst SD-WAN Controller and SD-WAN Manager allows a remote attacker to bypass authentication and obtain high-privileged access to affected systems.

  • The flaw stems from a failure in the SD-WAN peering authentication mechanism, enabling attackers to send crafted requests that grant privileged access.

  • The vulnerability carries a CVSS score of 10.0 and has been actively exploited since at least 2023 by a sophisticated threat actor tracked as UAT-8616.


George Sutton

Patch Tuesday Special: February 2026

February 17th, 2026


Overview:

Microsoft’s February 10, 2026 Patch Tuesday addressed ~54–59 vulnerabilities (counts vary slightly by tracker methodology), including six actively exploited zero-day vulnerabilities and five critical issues. This month is notable for the unusually high number of in-the-wild zero-days, many involving security feature bypass and privilege escalation, making rapid patching essential.


Vulnerability Category Breakdown:

  • Elevation of Privilege (EoP): ~25 vulnerabilities (~43%)


George Sutton

5.1 Million Accounts: What the Panera Breach Teaches About SSO Risk

February 3rd, 2026


❓What:

  • BleepingComputer reports that an intrusion attributed to the ShinyHunters group led to stolen user data being published after extortion failed.

  • The “14 million” figure referenced records, not unique people; Have I Been Pwned found ~5.1M unique email addresses/accounts in the leaked dataset.

  • Attackers claimed access via a Microsoft Entra SSO code as part of a broader voice-phishing (vishing) campaign targeting SSO accounts.


George Sutton

Patch Tuesday Special: January 2026

January 15, 2026


Overview:

Microsoft’s January 13, 2026 Patch Tuesday addressed ~114 vulnerabilities (counts vary slightly by tracker methodology), including one actively exploited zero-day, two publicly disclosed zero-days, and eight critical issues.


Vulnerability Category Breakdown:

  • Elevation of Privilege (EoP): ~57 vulnerabilities (~50%)

