Saturday 6 June 2026 · Melbourne

Cisco's SD-WAN Problem Is Now a Pattern, Not an Incident

Cisco's seventh SD-WAN zero-day of 2026 is being actively exploited with no patch in sight — and the World Food Programme breach just put 600,000 vulnerable Gazan families' data in the wrong hands.

Lead story

Cisco has disclosed yet another unpatched zero-day in its Catalyst SD-WAN Manager platform — the seventh such vulnerability in this product line to be actively exploited so far this year. CVE-2026-20245 allows an unauthenticated attacker to escalate privileges all the way to root. There is currently no patch available.

Let that number sink in for a moment: seven. That's not a bad luck streak. That's a pattern.

SD-WAN sits at the edge of enterprise networks — it's the gear that connects branch offices, cloud workloads, and remote sites back to the mothership. Root access on that box means an attacker is effectively sitting at the front door with a master key. For any organisation running Catalyst SD-WAN Manager, this is a "get the CISO on the phone" situation, not an "add it to the backlog" one.

Cisco's advisory offers the usual mitigation guidance — restrict management interface access, monitor for anomalous activity — but the absence of a patch means defenders are playing defence without a proper shield. The company says it is working on a fix, without a committed timeline.

Why this keeps happening deserves more attention than the individual CVE. Cisco's SD-WAN portfolio has been a consistent source of critical, exploited flaws throughout 2026. Security researchers point to a combination of factors: the product's complexity, a large exposed attack surface (SD-WAN managers are frequently internet-accessible for operational convenience), and a codebase that has grown through acquisitions rather than being built clean. The result is a product that enterprises depend on for the core of their network architecture, with a security track record that should be giving procurement teams serious pause.

For defenders right now: if your SD-WAN Manager has a management interface reachable from the internet, take it off. That single step removes the most likely attack vector while you wait for a patch. Verizon's 2026 DBIR, released this week, reinforces the point — network edge devices remain one of the most common initial access vectors, precisely because they're internet-facing and often under-patched.

The Australian angle is real here. SD-WAN is widely deployed across Australian enterprise and government networks, and the ACSC has previously flagged Cisco vulnerabilities in its "patch now" advisories. Organisations covered by the SOCI Act — particularly those in the communications, energy, and financial services sectors — should be checking their exposure today, not waiting for a coordinated advisory.

The broader question this raises: at what point does a seven-zero-days-in-one-year track record trigger a harder conversation about whether a critical-infrastructure product meets the security bar it's supposed to? That's a question for vendors, regulators, and procurement teams alike — and it's increasingly one that Australian frameworks like the Essential Eight and SOCI Act risk assessments are going to have to grapple with directly.

Also today

IronWorm and Miasma Hit npm: 50+ Packages Poisoned in Twin Supply Chain Attacks

Two distinct supply chain attacks have hit the npm package ecosystem simultaneously. IronWorm is a Rust-based information stealer that scrapes secrets from developer machines and hides behind an eBPF kernel rootkit — making it unusually hard to detect once installed. The Miasma campaign, meanwhile, uses a self-spreading worm that propagates by poisoning more packages from an infected developer's environment. More than 50 legitimate packages were compromised across both campaigns. For anyone running automated CI/CD pipelines that pull from npm without pinned, verified dependencies, this is a concrete demonstration of why that matters.

The Hacker News
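
The pinned-and-verified check referred to in the IronWorm and Miasma item, as an added example that is not from the brief or from npm: a Node.js audit that flags `package.json` specs that are not exact versions and `package-lock.json` (lockfileVersion 2/3) entries that lack a sha512 integrity hash or were resolved outside the public registry. The package names, hashes and the single-trusted-registry policy are constructed assumptions.

```javascript
// Added example: audit npm manifests for unpinned or unverifiable dependencies.
// All package names, versions and hashes below are constructed sample data.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const REGISTRY = "https://registry.npmjs.org/"; // assumption: only the public registry is trusted

// Return package.json dependencies whose spec is a range, dist-tag or URL
// rather than one exact version.
function findUnpinned(pkg) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Return lockfile entries (v2/v3 "packages" map) that cannot be verified on install.
function findUnverified(lock) {
  const out = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and bundled dependencies.
    if (path === "" || entry.link || entry.inBundle) continue;
    const reasons = [];
    if (!entry.integrity) reasons.push("no integrity hash");
    else if (!/(^|\s)sha512-/.test(entry.integrity)) reasons.push("weak integrity algorithm");
    if (!entry.resolved || !entry.resolved.startsWith(REGISTRY)) reasons.push("not resolved from registry");
    if (reasons.length) out.push({ path, reasons });
  }
  return out;
}

// Constructed sample input.
const samplePkg = {
  dependencies: { "example-pinned": "1.3.0", "example-lib": "^2.1.0" },
  devDependencies: { "example-tool": "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/example-pinned": { version: "1.3.0", resolved: REGISTRY + "example-pinned/-/example-pinned-1.3.0.tgz", integrity: "sha512-CONSTRUCTEDHASH==" },
    "node_modules/example-lib": { version: "2.1.4", resolved: "https://example.invalid/example-lib-2.1.4.tgz", integrity: "sha1-CONSTRUCTED=" },
    "node_modules/example-tool": { version: "0.9.0", resolved: REGISTRY + "example-tool/-/example-tool-0.9.0.tgz" },
  },
};

console.log(findUnpinned(samplePkg));
console.log(findUnverified(sampleLock));
```

In a pipeline this pairs with `npm ci`, which installs strictly from the lockfile and fails when it disagrees with `package.json`.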

Silent Ransom Group Sends Fake IT Workers to Victims' Offices

Google's Threat Intelligence Group and the FBI have jointly warned about a ransomware crew called Silent Ransom Group that has taken physical social engineering to a new level: sending people impersonating IT support staff directly to law firms' offices. Once inside, the fake workers either plug in USB drives or establish remote access sessions to exfiltrate data. It's a significant escalation from the usual phone-based vishing playbook, and a reminder that physical security and visitor management are part of the cybersecurity perimeter. Law firms are a particularly high-value target given the client confidentiality obligations and sensitive matter data they hold.

TechCrunch

Google to Pay SpaceX $920M a Month for Compute — Ahead of Historic IPO

Google has signed a deal to pay SpaceX $920 million per month for computing capacity, with the announcement timed just one week before SpaceX's highly anticipated IPO. The scale of the deal is striking: that's north of $11 billion annually, making it one of the largest cloud infrastructure contracts ever disclosed publicly. SpaceX has been quietly building out significant compute capacity to support Starlink's AI and satellite operations. Whether this represents genuine strategic differentiation or an expensive way to diversify Google's supply chain ahead of a politically useful moment is a question worth watching.

TechCrunch

AirTrunk Commits $30 Billion to Build AI Data Centres Across India

Australian data centre operator AirTrunk — acquired by Blackstone in 2024 — has committed $30 billion to build five gigawatts of AI data centre capacity across India. It's a colossal bet on India as the next major geography for hyperscale AI infrastructure, and a significant expansion of AirTrunk's Asia-Pacific footprint beyond its Australian and Japanese operations. For Australian readers, it's worth noting that AirTrunk's core domestic infrastructure underpins a substantial chunk of enterprise and hyperscale cloud workloads in this country — so the company's financial health and strategic direction have real local relevance, even when the big announcements are pointing east.

TechCrunch

Anthropic's Revenue Hits $47 Billion Annualised — IPO Clock Is Ticking

Anthropic has disclosed that its annualised revenue crossed $47 billion in May 2026, up from roughly $9 billion at the end of last year. That's extraordinary growth by any measure. Co-founder and president Daniela Amodei, speaking ahead of the company's anticipated IPO, pushed back on scepticism about AI's returns on investment — though the company's spending on compute and model training means profitability remains a question mark. The S&P 500 this week also rejected SpaceX's application for fast-track index entry and signalled it would apply the same unprofitability rules to OpenAI and Anthropic when they eventually list.

TechCrunch

AI's Token Bill Is Coming Due — Enterprises Are Hitting the Brakes

A detailed TechCrunch investigation finds that enterprises are experiencing sticker shock from AI inference costs, with finance and procurement teams now pushing back on uncapped LLM usage that ballooned during the "go fast" phase of 2024 and 2025. The framing has shifted from "how do we use more AI" to "how do we control what we're spending on tokens." It's a maturity inflection point the industry has been anticipating: the easy wins are done, and now organisations need to make AI usage legible, auditable, and cost-governed. Expect a wave of AI spend-management tooling to follow.

TechCrunch

New York Passes First Statewide Data Centre Moratorium

New York's state legislature has passed a one-year moratorium on new large data centres — the first statewide ban of its kind in the US. The bill directs the state's environmental agency to assess the electricity, water, land, and pollution impacts of data centres before new approvals resume. Governor Kathy Hochul has not yet signed it. The move reflects growing community and environmental pressure on data centre expansion that mirrors debates in other jurisdictions, including Australia, where planned facilities in Victoria and New South Wales have faced similar pushback over energy and water use.

The Verge

Chrome 149 Patches 429 Vulnerabilities — Including 100+ Critical or High Severity

Google's Chrome 149 release is a monster patch drop: 429 vulnerabilities addressed, with more than 100 rated critical or high severity. The dominant bug classes are use-after-free and insufficient validation of untrusted input — both browser staples that can lead to arbitrary code execution. Given Chrome's global install base, this is the kind of update that should be pushed enterprise-wide immediately rather than left to organic rollout. Chrome auto-updates for most consumer installs, but managed enterprise deployments on controlled update cycles should prioritise this one. Chrome is the most widely used browser in Australia across both consumer and enterprise environments.

SecurityWeek