Zero Day MonitorZDM

← Back to list

EST

PRE-CVEEXPLOITED

cis · talos incident response

Identity-based attacks exploiting stolen credentials

60% confidence

Description

Identity-based attacks accounted for 60% of all Talos IR cases, with Active Directory being the focal point in 44% of those incidents. Attackers bypassed multi-factor authentication (MFA) through push fatigue, misconfigured policies, or lack of full enrollment.

Affected Products

Vendor	Product	Versions
cis	talos incident response	—

Related News (1 articles)

Tier C

Cisco Talos1d ago

From the field to the report and back again: How incident responders can use the Year in Review

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-287

PublishedApr 9, 2026

Last enriched1h ago

Tags

identity-based attacksmfa bypass

Trending Score40

Source articles1

Independent1

Info Completeness7/14

Missing: cve_id, versions, cvss, epss, kev, patch, iocs

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-20160

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

CRITICALCVE-2026-20093

Cisco Integrated Management Controller Authentication Bypass Vulnerability

CRITICALCVE-2026-20131EXPKEV

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&n

HIGHCVE-2026-20094

Cisco Integrated Management Controller Command Injection Vulnerability

MEDIUMCVE-2026-20097

Cisco Integrated Management Controller Remote Code Execution Vulnerability

Pin to Dashboard

Verification

State: reported

Confidence: 60%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Actively Exploited

Apr 10, 2026

Exploit Available

Apr 10, 2026

Discovered by ZDM

Apr 10, 2026