the most advanced hack i've ever seen
A breakdown of a sophisticated attack chain attributed to Salt Typhoon (UAT8616), a Chinese threat actor. The attack exploited a vulnerability in Cisco SD-WAN's peering system to join a corporate network as a fake branch node. From there, the attackers performed a firmware downgrade to reintroduce a 2022 CVE (path traversal in the Cisco SD-WAN CLI), then leveraged it to read the confd IPC secret and escalate privileges to root across every branch of the target company. Defenders are advised to upgrade firmware, monitor for unrecognized peers joining the control plane, and watch for crafted usernames containing path traversal strings in authentication logs.
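One way to implement the last check (usernames containing path traversal strings in authentication logs), as an added example that is not from the original breakdown. It assumes sshd-style log lines; the regexes, function names and sample lines are constructed for illustration and need adapting to the device's actual log format.

```python
import re
from urllib.parse import unquote

# Assumed sshd-style line shape; adjust USER_RE to the real log format.
USER_RE = re.compile(
    r"(?:Accepted|Failed) \S+ for (?:invalid user )?(?P<user>.+?)"
    r" from (?P<src>\S+) port \d+"
)
# A ".." that forms a whole path segment (bounded by / or \ or string edge).
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def normalize(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both resolve."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_logins(lines):
    """Return (line_no, raw_username, source) for traversal-style usernames."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = USER_RE.search(line)
        if m and TRAVERSAL_RE.search(normalize(m.group("user"))):
            hits.append((no, m.group("user"), m.group("src")))
    return hits


# Constructed sample lines (not from a real device); RFC 5737 addresses.
SAMPLE = [
    "Jan 10 03:12:01 edge1 sshd[811]: Accepted password for admin from 192.0.2.10 port 50122 ssh2",
    "Jan 10 03:12:07 edge1 sshd[815]: Failed password for invalid user ../../../tmp/x from 203.0.113.7 port 40100 ssh2",
    "Jan 10 03:12:09 edge1 sshd[816]: Failed password for invalid user %2e%2e%2fetc%2fpasswd from 203.0.113.7 port 40102 ssh2",
    "Jan 10 03:12:15 edge1 sshd[820]: Failed password for invalid user j..smith from 198.51.100.4 port 40200 ssh2",
]

if __name__ == "__main__":
    for no, user, src in suspicious_logins(SAMPLE):
        print(f"line {no}: traversal-style username {user!r} from {src}")
```

The segment-bounded pattern keeps a name such as `j..smith` from alerting, while plain and percent-encoded `../` sequences are both flagged.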