Patch Now or Get Owned: Three Active Exploits Targeting Your Infrastructure Today

ShinyHunters just hit 100+ orgs through a CVSS 9.8 zero-day, Cisco SD-WAN is under fire, and your UniFi controller is one missing MFA toggle away from disaster.

Lock Down Your UniFi Controller — MFA Is No Longer Optional

Willie Howe dropped a blunt reminder yesterday that lands squarely on this audience: if your UniFi controller, UniFi Network server, or UniFi OS console isn't protected by multi-factor authentication, you're one credential-stuffing attempt away from handing over your entire network topology to someone else.

This isn't theoretical. Ubiquiti accounts get targeted constantly — they're high-value because a single compromised account can mean full visibility into network configs, VLANs, firewall rules, and connected clients. Cloud-hosted controllers are especially exposed since they're reachable from anywhere by design.

The fix is straightforward: enable MFA on your Ubiquiti SSO account at account.ui.com, and if you're running a self-hosted UniFi Network Server, lock the admin portal behind your own MFA layer at the reverse proxy or VPN level.

If you manage UniFi for clients, audit every account today. MSPs running shared portals should treat this as a P1 task — one client's weak credentials can cascade across your entire management plane. Willie's video walks through the specifics; go watch it. Then go enable MFA. In that order.

CVE-2026-20262: Cisco Catalyst SD-WAN Is Being Actively Exploited Right Now

Cisco confirmed active exploitation of CVE-2026-20262, a vulnerability in Cisco Catalyst SD-WAN Manager that allows attackers to perform arbitrary file writes. That's the kind of primitive that leads directly to remote code execution and full device compromise.

This isn't a "patch in your next maintenance window" situation. Arbitrary file write on a WAN management platform means attackers can overwrite configs, drop backdoors, or destabilize routing across your entire SD-WAN fabric. If you're running Catalyst SD-WAN Manager in any capacity — enterprise branch deployments, managed service environments, or hybrid WAN setups — you need to verify your version and cross-reference Cisco's advisory immediately.

Cisco has published patches. The path forward is clear: identify affected versions, stage your upgrade, and get it done. If you can't patch immediately, restrict management plane access to trusted IPs only and audit recent file system changes on your SD-WAN Manager instances for anything anomalous.

CISA has also added this CVE to the Known Exploited Vulnerabilities catalog, which means federal agencies have a hard deadline — and that urgency should translate to everyone else too.

Oracle PeopleSoft Zero-Day: 100+ Breaches and No Full Patch Available

CVE-2026-35273 is the kind of vulnerability that keeps enterprise sysadmins up at night. A CVSS 9.8 SSRF-to-RCE chain in Oracle PeopleSoft, actively weaponized by ShinyHunters since May 27, has already torn through more than 100 organizations. The Council of Europe is reportedly facing a ransom deadline today — and Oracle still hasn't shipped a full patch.

If your organization runs PeopleSoft for HR, finance, or student information systems, your exposure window is open right now. The SSRF-to-RCE chain means attackers can pivot from an outward-facing request forgery into full server-side code execution — no authentication required if the exploit chain lands cleanly.

Without a complete patch available, your mitigation options are network-level: restrict external access to PeopleSoft web interfaces, enforce egress filtering to block unexpected outbound connections from PeopleSoft nodes, and get your WAF rules tuned for SSRF patterns. Oracle's support portal should have interim guidance — lean on it hard. Log everything and watch for lateral movement. ShinyHunters monetizes through data exfiltration, so your priority is detecting exfil before it completes.

FortiSandbox Under Active Attack — Three Critical Bugs, One Urgent Patch Cycle

Fortinet is dealing with a triple-header: three critical vulnerabilities in FortiSandbox are under active attack, and CISA has simultaneously added related Fortinet flaws to the KEV catalog. If FortiSandbox is part of your security stack — used for dynamic malware analysis and threat detonation — the irony of your sandbox getting compromised shouldn't be lost on you.

Details on the specific CVEs are still emerging, but the pattern here is familiar: Fortinet products are high-priority targets because they sit at the perimeter and often have elevated trust relationships with the rest of the network. A compromised sandbox appliance can be leveraged to manipulate threat verdicts, exfiltrate analyzed files, or pivot deeper into the management network.

Check Fortinet's PSIRT advisory page now, identify your FortiSandbox firmware version, and get patched. If you're running FortiSandbox in an integrated fabric with FortiGate or FortiManager, treat this as a full fabric audit — verify that management interfaces are not internet-exposed and that inter-device trust is scoped as tightly as possible. The CISA KEV listing means the exploitation bar is low and the threat actors are already tooled up.

Wi-Fi 7 Device Compatibility in 2026: The Ecosystem Is Finally Ready

Enough doom and gloom — here's something worth planning around. BGR put together a solid rundown of flagship smartphones and PCs that support Wi-Fi 7 in 2026, and the short version is: the client ecosystem has caught up.

Most flagship Android devices shipping this year include Wi-Fi 7 chipsets. Apple's current iPhone lineup supports it. On the PC side, Intel's latest platforms and Qualcomm Snapdragon X series both have Wi-Fi 7 built in, which means a significant chunk of new enterprise laptops are already capable.

What does this mean practically? If you've been holding off on Wi-Fi 7 AP deployments because client support was spotty, that calculus is shifting. For home lab folks eyeing Ubiquiti's U7 series or similar Wi-Fi 7 APs, you're no longer buying ahead of your devices — your daily drivers likely already support it. For enterprise network planners, now is the right time to start piloting Wi-Fi 7 infrastructure in high-density environments where the 320 MHz channel width and multi-link operation actually move the needle on throughput and latency. The infrastructure investment is starting to make sense at scale.

Want this in your inbox? Subscribe here · Follow on LinkedIn · Join the Discord