Security

Google’s Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in the wild in 2025, with 43 of them — nearly half — targeting enterprise networking and security infrastructure. This represents an all-time high for enterprise-focused zero-days and a clear signal that the devices network engineers manage daily are now the primary attack surface. Key Takeaway: Network appliances like firewalls, VPN concentrators, and SD-WAN controllers have replaced endpoints as the top zero-day target. If you manage Cisco ASA, FTD, or any edge device, this report is your wake-up call. ...

The honest answer to “How long from CCNP to CCIE Security?” is somewhere between 6 months and 3 years — and the variance has almost nothing to do with how smart you are. It’s determined by three factors: your hands-on ISE/FTD production experience, your daily study hours, and whether you’ve built realistic lab topologies or just watched videos. I’ve seen engineers with 5+ years of security operations pass in 6 months of focused preparation, and I’ve seen talented engineers with no ISE background struggle for 2+ years. ...

Cisco just expanded the list of actively exploited Catalyst SD-WAN vulnerabilities — and if you haven’t patched yet, you’re running out of time. On March 5, 2026, Cisco updated its advisory to confirm that CVE-2026-20128 and CVE-2026-20122 are now being exploited in the wild, bringing the total number of actively exploited SD-WAN flaws to three in just eight days. Combined with the critical CVE-2026-20127 zero-day disclosed on February 25, this represents a sustained campaign against SD-WAN infrastructure that every network engineer needs to take seriously. ...

CVE-2026-20127 is a maximum-severity (CVSS 10.0) authentication bypass vulnerability in Cisco Catalyst SD-WAN that has been actively exploited since 2023. Disclosed on February 25, 2026, it allows an unauthenticated remote attacker to bypass peering authentication on vSmart Controllers and vManage, gain admin-level access, reach the NETCONF interface, and manipulate routing and policy across an entire SD-WAN fabric. Five Eyes intelligence agencies issued a coordinated emergency advisory the same day, and CISA added it to the Known Exploited Vulnerabilities catalog within hours. ...