Cyber Daily 2/27: Cisco SD-WAN Exploited for Years, Zyxel & Trend Micro Patch Critical Flaws, AI's Role in Rising Cyber Threats

Welcome to the ONSEC Cyber Daily for February 27, 2026. Today, we unravel a gripping tale of vulnerabilities and patches that weave through the digital landscape. Zyxel has swiftly patched a critical command injection vulnerability in its routers, a move that echoes the urgency seen in the ongoing battle against the Cisco SD-WAN zero-day flaw, exploited since 2023. As security agencies worldwide scramble to mitigate these threats, the Black Duck 2026 OSSRA report highlights AI's role in the unprecedented rise of cyber risks. Meanwhile, Microsoft sounds the alarm on OpenClaw risks, urging vigilance. In this interconnected web of cyber challenges, the call for immediate action and robust defenses has never been clearer. Stay informed, stay secure.

Exploits Alert

  1. Zyxel Patches Critical Command Injection Vulnerability in Routers: Zyxel has released a patch for a critical command injection vulnerability affecting its routers. This flaw could allow attackers to execute arbitrary commands on affected devices, posing significant security risks. Users are urged to update their devices immediately to mitigate potential exploitation. Source: SC Media.
  2. Attackers Exploiting Cisco SD-WAN Zero-Day Flaw Since 2023: A zero-day vulnerability in Cisco's SD-WAN has been actively exploited by attackers since 2023. This flaw allows unauthorized access and control over affected systems, making it a critical security concern. Organizations using Cisco SD-WAN are advised to apply the latest security patches and follow recommended mitigation strategies. Source: Security Boulevard.
  3. Microsoft Warns of OpenClaw Risks on Standard Workstations: Microsoft has issued a warning about the OpenClaw vulnerability, which affects standard workstations. This vulnerability could lead to unauthorized data access and system compromise if not addressed promptly. Users are encouraged to implement security updates and follow best practices to protect their systems. Source: SC Media.
  4. Security Agencies Issue Warning Over Critical Cisco Catalyst SD-WAN Vulnerability: Multiple security agencies have issued a warning regarding a critical vulnerability in Cisco Catalyst SD-WAN. This flaw could be exploited to disrupt network operations and compromise sensitive data. Organizations are urged to follow the emergency directive and apply necessary security measures. Source: ITPro.
  5. Critical Cisco SD-WAN Zero-Day Exploited For Years By Advanced Threat Actor: An advanced threat actor has been exploiting a zero-day vulnerability in Cisco's SD-WAN for years, as part of a sophisticated cyber espionage campaign. This vulnerability poses a severe threat to organizations relying on Cisco's technology, highlighting the need for immediate security updates and vigilance. Source: LinkedIn.

Vulnerabilities & Patches

  1. Zyxel Patches Critical Command Injection Vulnerability in Routers: Zyxel has addressed a critical command injection flaw, tracked as CVE-2025-13942, within the UPnP function of various CPE and extender models. This vulnerability, with a CVSS score of 9.8, could allow attackers to execute arbitrary commands on affected devices. Users are urged to apply the patch immediately to mitigate potential risks. Source: SC Media.
  2. Trend Micro Fixes Two Critical Flaws in Apex One: Trend Micro has released patches for two critical vulnerabilities in Apex One, which could enable remote code execution on vulnerable Windows systems. These flaws necessitate immediate updates to prevent potential exploitation. Organizations using Apex One are strongly advised to apply these patches without delay. Source: Security Affairs.
  3. Google Chrome Zero-Day CVE-2026-2441 Patched: Google has issued a patch for a high-risk zero-day vulnerability in Chrome, identified as CVE-2026-2441. This memory error could be exploited by attackers to compromise systems. Chrome users are advised to restart their browsers to ensure the update is applied. Source: Gazeta Express.
  4. Cisco SD-WAN Zero-Day Under Exploitation for 3 Years: A critical zero-day vulnerability, CVE-2026-20127, affecting Cisco SD-WAN has been actively exploited for three years. This flaw allows attackers to gain remote administrative access, and immediate patching is essential as there are no viable workarounds. Organizations using Cisco SD-WAN should prioritize this update. Source: Dark Reading.
  5. ServiceNow AI Platform Vulnerability Enables Remote Code Execution: A critical vulnerability in the ServiceNow AI platform, CVE-2026-0542, which could allow remote code execution, has been patched. Organizations using this platform should apply the latest patch to secure their systems against potential exploitation. Source: Cybersecurity News.

Podcasts

  1. Faster Cyberattacks, OpenClaw NPM Bypass, SkillsBench Human Guidance | Ep.52: This episode dives into the increasing speed of cyberattacks and innovative methods, such as the OpenClaw NPM Bypass, that hackers are using. It also explores how SkillsBench is providing human guidance to counter these threats.
  2. The Cascading Economic Ripple Effects Of Cybercrime: This podcast series examines the far-reaching economic impacts of cybercrime, featuring insights from victims, law enforcement, and cybersecurity experts. It highlights how cybercrime affects not just the immediate victims but also the broader economy.
  3. Should You Phish Your Employees or Not? - CISO Series: This episode questions the effectiveness of phishing tests, discussing whether they actually improve security or inadvertently cause more harm. It provides a nuanced view on employee training and cybersecurity strategies.
  4. Google disrupts UNC2814, TriZetto breach impacts 3M+, 2023 Cisco bug exploited: This episode covers Google's disruption of the UNC2814 group, the significant impact of the TriZetto breach affecting over 3 million individuals, and the exploitation of a Cisco bug since 2023. It provides a comprehensive update on current cybersecurity challenges.

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is ever-evolving, with vulnerabilities like those in Zyxel routers and Cisco SD-WANs reminding us of the constant vigilance required to safeguard our networks. The Black Duck 2026 OSSRA report highlights AI's role in this historic surge of cyber threats, urging us to stay informed and proactive. In a world where attackers exploit zero-day flaws and critical vulnerabilities, sharing knowledge is our strongest defense. We encourage you to spread the word about ONSEC Cyber Daily with your friends and colleagues. Together, we can build a more secure digital future, one informed reader at a time. Stay safe, stay informed, and see you in the next issue!
