Infographic: A History of Network Device Threats and What Lies Ahead

[Updated January 16, 2026]

In 2023, the industry experienced a significant uptick in attacks against network devices such as VPNs, firewalls, load balancers, switches, and routers. This prompted us to document the history of attacks against network devices. The infographic below is not exhaustive, but provides a visual depiction of how these attacks have grown in sophistication and scale. (Download the timeline summary here)

In the timeline, note the rapid increase of attacks against network infrastructure by ransomware gangs which took off in 2020. Network devices have become a favorite initial access vector for ransomware operators because they exist in highly privileged parts of an organization and lack security tooling like EDR, while providing ample opportunity for lateral movement within the internal network and the ability to covertly route command and control traffic. 

Insecure network infrastructure is causing lots of trouble

Fundamentally, the security of network infrastructure is subpar. Insecure software and inadequate vendor responses have left IT organizations scrambling to patch a seemingly endless stream of vulnerabilities. Because the patch process can affect production traffic, remediation often lags weeks or months behind the normal patching cadence seen with desktop and server operating systems. For example, in June 2023, a 9.8 CVSS remote code execution bug was patched in Fortinet devices; three weeks later, 330K devices were still vulnerable.

Fortinet serves as a case in point. Querying the NIST NVD database, we can see the number of vulnerabilities in Fortinet devices alone has gone up significantly in the past few years. As of this writing, there were a record 185 vulnerabilities discovered in 2023 (compared with 106 in 2022, 126 in 2021, and 51 in 2020, see chart below). Other network device vendors have seen similar increases in discovered vulnerabilities.

To lessen their exposure to these product vulnerabilities, organizations need to start incorporating product security evaluations into their vendor risk assessment processes. Similar to how the National Highway Traffic Safety Administration provides crash test ratings for passenger vehicles, Eclypsium provides third-party insight into the safety of IT products such as network devices. In addition, Eclypsium adds layered defenses to these devices in production, helping with vulnerability management and detection of compromise.

Additional resources

Product tour: Eclypsium Guide to Supply Chain Security
White paper: Network Infrastructure on the Front Line
Webinar: Network Infrastructure in Ransomware’s Crosshairs
Blog: A New Approach to Defending Network Infrastructure

2005

Independent security researcher Mike Lynn demonstrates the first-ever Cisco IOS rootkit at the Black Hat conference. [1][2]

2008

The FBI concludes Operation Cisco Raider, a two-year initiative to disrupt a Cisco distribution network that had sold counterfeit Cisco gear to the U.S. military and other organizations. [3]

2015

SYNful Knock malware targets Cisco IOS devices, installing an implant that provides persistent access that is difficult to detect. [4] Nation-state

Cisco warns customers about attacks that swap ROMMON remote management firmware with maliciously altered images. [5]

Juniper discloses a supply chain attack where two backdoors were implanted in its NetScreen VPN products. Researchers attribute the backdoors to the NSA. [6] Nation-state

2016

The Shadow Brokers release hacking tools from the Equation Group, thought to be the NSA. The tools contain zero-day exploits of Cisco, Fortinet, and Juniper firewalls. [7] Nation-state

2017

Wikileaks’ Vault 7 leak exposes tools used by the CIA and leads to the discovery of CVE-2017-3881 affecting 300+ Cisco routers and switches. [8] Nation-state

2018

The VPNFilter campaign infects 500K+ devices worldwide from Linksys, MikroTik, Netgear, and TP-Link. The malware has data collection and destructive capabilities, and is attributed to the Russian Sandworm threat group. [9] Nation-state

Five backdoors discovered in Cisco products raise worries about a supply chain attack. One of the backdoors is an undocumented user account with privilege level 15 that has a default username and password in Cisco IOS. [10]

2019

CVE-2018-13379 is discovered in the FortiOS SSL VPN web portal. This vulnerability is subsequently listed among CISA’s Top 12 Routinely Exploited Vulnerabilities in 2020, 2021, and 2022, underscoring the difficulty in patching network appliances. [11]

Echobot, a variant of the Mirai botnet malware, targets SCADA systems and enterprise networking gear, including Barracuda and Citrix appliances. [12]

2020

Security researchers detail a campaign targeting Citrix ADCs as entry points to disable Windows Defender and install Ragnarok ransomware on Windows machines in the network. [13] Ransomware

Criminals launch a wide-scale campaign targeting Pulse Secure VPN appliances to steal Active Directory credentials, disable endpoint security, and install REvil ransomware. [14] Ransomware

Security researchers detail the techniques of the Iranian-backed Fox Kitten campaign, whose primary method of initial access is VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. [15] Nation-state

COVID-19 restrictions in March put a focus on the security and availability of VPN infrastructure as employees connect remotely. [16]

Sophos alerts customers to a zero-day exploit against its XG firewalls that deploys the Asnarök data-stealing trojan and then attempts to install Ragnarok ransomware. The attacks are foiled by a hotfix from the vendor. [17] Ransomware

F5 discloses its first-ever vulnerability with a CVSS of 10.0. Public exploits are available within a week and the vulnerability is widely exploited. [18]

The FBI releases IOCs for widespread Netwalker ransomware attacks that target vulnerable Pulse Secure VPN devices for initial access. [19] Ransomware

CISA issues a cybersecurity advisory to help U.S. government agencies defend against Chinese state-sponsored attack activity, which includes exploiting recent vulnerabilities in F5 BIG-IP, Citrix VPN, and Pulse Secure VPN appliances. [20] Nation-state

2021

Kaspersky details techniques used by attackers to install Cring ransomware in enterprise victims. Initial access focused on vulnerable FortiGate VPN appliances. [21] Ransomware

Multiple campaigns target vulnerabilities in Pulse Secure VPN appliances, including a zero-day (CVE-2021-22893). Mandiant tracks 12 separate malware families targeting Pulse Secure devices and also says Chinese state-sponsored groups exploit these vulnerabilities for espionage. [22][23] Nation-state

F5 publishes a security advisory containing 21 CVEs, including four critical vulnerabilities. CVE-2021-22986 is later observed as an initial access vector for Lockbit 3.0. [24] Ransomware

Dozens of critical vulnerabilities involving SQL injection, buffer overflow, out-of-bound read, etc. are discovered in SonicWall devices. Mandiant notes the ransomware group UNC2447 uses some of these exploits for initial access and persistence. [25][26] Ransomware

Hackers publish a list of credentials stolen from 87K Fortinet devices on a ransomware forum. The credentials were harvested using a vulnerability from 2018. [27] Ransomware

2022

Cyclops Blink malware targets Watchguard firewalls and ASUS routers, and is attributed to the Russian Sandworm threat group. In a court-authorized operation, the FBI disabled the botnet by removing the malware and closing external management ports on infected devices used for C2. [28] Nation-state

CVE-2022-1388 affects F5 BIG-IP devices and is listed among CISA Top 12 Routinely Exploited Vulnerabilities for 2022. [29]

The NSA releases threat hunting guidance for Citrix ADC devices targeted by APT5 as part of its espionage activities. Recommendations include checking hashes of important binaries, monitoring logs, and running YARA rules to look for specific malware used. [30] Nation-state

A critical zero-day vulnerability (CVE-2022-42475) is discovered in FortiGate firewalls during an incident investigation by the vendor. [31]

2023

March

Another Fortinet zero-day is discovered (CVE-2022-41328) being exploited by Chinese hackers (UNC3886), who use the appliances as a pivot to ESXi infrastructure and then to VM guests. [32] Nation-state

April

The U.K. National Cyber Security Centre releases a report warning of Jaguar Tooth malware targeting Cisco IOS. Nation-state

May

Security researchers observe widespread exploitation of CVE-2023-28771 in Zyxel devices to build a Mirai-based botnet. [33] Nation-state

22 Danish energy firms are compromised in a campaign that exploited CVE-2023-28771 as well as two new zero-day vulnerabilities in Zyxel devices (CVE-2023-33009 and CVE-2023-33010). The attacks were attributed to the Russian Sandworm group. [34] Nation-state

Microsoft publishes details of its investigation into the Chinese Volt Typhoon group targeting U.S. critical infrastructure. The attackers use an unknown Fortinet exploit and use routers from ASUS, Cisco, D-Link, NETGEAR, and Zyxel as proxies for C2 traffic. [35] Nation-state

In response to an ongoing campaign utilizing a zero-day vulnerability (CVE-2023-2868) against Barracuda appliances, the vendor recommends that customers return their appliances for new ones. [36] Nation-state

June

CISA directs federal agencies to either implement zero-trust for network management interfaces or remove them from the internet. [37]

July

CVE-2023-3519 is discovered as a zero-day in Citrix Netscalers and mass exploitation commences within weeks, compromising 30K+ devices. The campaign is attributed to the ransomware actor FIN8. [38] Ransomware

August

Rapid7 responds to a number of incidents involving Cisco ASA SSL VPNs, some involving ransomware gangs Akira and Lockbit. Less than two weeks later, Cisco discloses the related CVE-2023-20269. Ransomware

September

The NSA and the Japanese government issue a warning about the Chinese group BlackTech targeting “various brands and versions” of routers to install implants for espionage. [39] Nation-state

October

Cisco discovers a campaign exploiting two zero-day vulnerabilities (CVE-2023-20198 and CVE-2023-20273) to create admin accounts and install implants on Cisco IOS XE devices. Before a patch is available, at least 10K devices are infected. [40]

A zero-day vulnerability (CVE-2023-4966) dubbed Citrix Bleed, which allows attackers to hijack authenticated sessions, is discovered. Mandiant reports threat activity since August. [41] Lockbit and ALPHV/BlackCat use Citrix Bleed to compromise numerous organizations, including Boeing, ICBC, Toyota Financial Services, DP World, and Fidelity National Financial. Ransomware

2024

January

Ivanti discloses two zero-day vulnerabilities in its Connect Secure (formerly Pulse Secure) VPN product observed to be exploited by a Chinese nation-state attacker since December. Mass exploitation begins soon after proof-of-concept code is published, while no patch is available for weeks. [42] CISA issues an emergency directive ordering federal civilian agencies to mitigate the vulnerabilities with configuration changes and an integrity checker tool. [43] Nation-state

April

ArcaneDoor Line Dancer is a memory-resident shellcode interpreter discovered on compromised Cisco Adaptive Security Appliance (ASA) devices. This implant allows attackers to upload and execute arbitrary shellcode payloads via the host-scan-reply field of WebVPN HTTP(S) POST requests, enabling unauthorized command execution without leaving traces on the disk. [44] Nation-state

June

Velvet Ant APT is a sophisticated China-nexus threat actor known for prolonged cyber-espionage campaigns. In a notable incident, they maintained access to a large organization’s on-premises network for approximately three years, exploiting vulnerabilities in legacy systems like F5 BIG-IP appliances to establish multiple footholds and evade detection. [45] Nation-state

July

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding vulnerabilities in network devices susceptible to OS command injection attacks. Exploiting these flaws allows attackers to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access, data exfiltration, and disruption of services. [46] Nation-state

October

Sophos identified a cyber-espionage campaign dubbed “Pacific Rim,” targeting organizations in the Asia-Pacific region. Attackers employed custom malware to compromise network devices, including routers and firewalls, to establish persistent access and exfiltrate sensitive information. The campaign underscores the importance of securing network infrastructure against advanced persistent threats. [47] Nation-state

CISA added a critical security flaw impacting Fortinet products to its KEV catalog, citing evidence of active exploitation. The high severity vulnerability, tracked as CVE-2024-23113, relates to a case of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.

November

Salt Typhoon is a Chinese state-sponsored cyber threat group that has targeted critical infrastructure, particularly in the telecommunications sector. The group exploited vulnerabilities in Cisco networking equipment, such as core routers and other infrastructure devices integral to Internet Service Providers (ISPs). These devices were leveraged to infiltrate and maintain persistent access to networks, enabling unauthorized monitoring and potential data exfiltration. [48] Nation-state

Attackers exploit a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from other vendors to PAN-OS. This security flaw (CVE-2024-5910) can be remotely exploited to reset application admin credentials on Internet-exposed Expedition servers.

2025

January

J-Magic Campaign targets carrier-grade Juniper routers with a custom backdoor based on the open-source cd00r tool. Discovered by Black Lotus Labs, the campaign involved attackers configuring the malware to listen for incoming “Magic Packets” on the network, then establishing reverse shells for persistent access. The attacks primarily targeted telecommunications carriers and internet service providers running enterprise-grade network infrastructure. [49] Nation-state

Palo Alto Networks NGFW Vulnerabilities are disclosed by Eclypsium researchers who discovered multiple security issues in three firewall appliances: PA-3260, PA-1410, and PA-415. The findings include bootloader vulnerabilities (BootHole), InsydeH2O UEFI flaws, and security misconfigurations. Researchers warn that attackers could chain exploits to bypass Secure Boot and install persistent malware in the boot process. [50] Nation-state

March

UNC3886 TINYSHELL Attack involves Chinese APT group UNC3886 deploying custom TINYSHELL-based backdoors on Juniper MX-series routers. Mandiant identified at least six malware variants designed to evade detection on devices lacking traditional security monitoring. The attackers bypassed Juniper’s veriexec protection through process memory injection, now tracked as CVE-2025-21590, targeting telecommunications carriers and ISPs. [51] Nation-state

Silk Typhoon Targets IT Supply Chain by exploiting CVE-2025-0282, a remotely exploitable stack-based buffer overflow in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Microsoft Threat Intelligence reports the Chinese espionage group is targeting common IT infrastructure providers including Ivanti, Citrix, Palo Alto, and Microsoft itself, using supply chain attacks for broad access to downstream targets. [52] Nation-state

June

Salt Typhoon Breaches Canadian Telcos and Viasat by exploiting CVE-2023-20198, a critical Cisco IOS XE vulnerability. The Chinese APT created administrative accounts and configured GRE tunnels for persistent access and data collection. The Viasat breach marks a significant escalation beyond traditional terrestrial telecom targets, demonstrating that this 18-month-old flaw remains a primary attack vector against satellite communications infrastructure. [53] Nation-state

July

Netgear Firmware Vulnerabilities in Enterprise IoT Devices pose significant risks as eight CVEs affecting Netgear products have been added to the CISA KEV catalog, confirming active exploitation. Chinese APT groups like Volt Typhoon have been observed compromising SOHO routers, including Netgear models, to establish proxy infrastructure for stealthy attacks on critical infrastructure. With over 500 security advisories released by Netgear, these devices remain attractive targets due to their dual connectivity bridging internal networks to the internet, lack of monitoring, and complex firmware supply chains. [54] Nation-state/IoT

August

CISA/FBI Release Salt Typhoon Defense Guidance in Cybersecurity Advisory AA25-239A, detailing specific CVEs in Cisco and Palo Alto equipment being targeted by Chinese APTs. The guidance includes specific recommendations for protecting firmware from attacks and represents an enormous step forward in attribution, providing defenders with detailed TTPs for defending against PRC-sponsored threat groups targeting network infrastructure. [55] Nation-state

Cisco ASA Scanning Surge observed by GreyNoise shows over 25,000 unique IPs probing Cisco Adaptive Security Appliance login portals in a single burst, far exceeding the normal baseline of fewer than 500 per day. The anomalous activity suggests coordinated reconnaissance ahead of potential vulnerability exploitation. With over 113,000 ASA devices exposed to the public internet, the risk to organizations is dramatically amplified. [56] Reconnaissance

September

EOL Device Exploitation Campaigns target end-of-life network devices including Cisco Small Business RV routers, Linksys LRT series, and Araknis Networks equipment. The FBI warns that Russian government spies exploited a seven-year-old bug in end-of-life Cisco devices to access American critical infrastructure networks. Attackers continue using techniques ranging from the latest zero-days to exploits that are 15 years or older. [57] Nation-state

CISA ED 25-03: Cisco ASA Compromises lead to mandates that federal agencies patch CVE-2025-20333 (remote code execution) and CVE-2025-20362 (privilege escalation) in Cisco ASA devices by October 2nd. The emergency directive is linked to ongoing ArcaneDoor campaign activity. Attackers have demonstrated capability to modify ASA ROM for persistence through reboots and system upgrades, requiring urgent forensic triage and patching. [58] Nation-state

RedNovember Attack Campaign disclosed by Recorded Future’s Insikt Group exploits network edge devices including SonicWall, Cisco, Palo Alto, Fortinet, and Ivanti equipment to breach government and defense organizations. The campaign demonstrates increased targeting of VPNs, firewalls, load balancers, and virtualization infrastructure. Attackers combine weaponized proof-of-concept exploits with open-source post-exploitation frameworks, lowering barriers for less-capable threat actors. [59] Nation-state

October

Cisco SNMP Vulnerability CVE-2025-20352 is actively exploited in the wild, affecting up to 2 million Cisco IOS and IOS XE devices globally. Added to CISA KEV on September 29th, this stack overflow vulnerability in the SNMP subsystem enables authenticated remote attackers to trigger denial-of-service or execute code as root. The exploitation pattern mirrors tactics of APT groups like Volt Typhoon and Velvet Ant. [60] Nation-state

F5 BIG-IP Security Incident disclosed after nation-state actors (reportedly China-linked UNC5221) maintained persistent access to F5’s development network. Attackers exfiltrated source code and details on 44 undisclosed vulnerabilities. CISA issued Emergency Directive 26-01 mandating federal agencies inventory and patch all BIG-IP systems. The breach highlights growing risk of supply chain compromises targeting network infrastructure vendors. [61] Nation-state

December

Fortinet FortiCloud SSO Authentication Bypass (CVE-2025-59718 & CVE-2025-59719) allows unauthenticated attackers to bypass FortiCloud SSO login authentication using crafted SAML messages. With a critical CVSS score of 9.1, the flaws affect multiple Fortinet products where FortiCloud SSO is enabled. Arctic Wolf observed malicious activity shortly after disclosure, with attackers stealing system configuration files containing sensitive network topology and credential material. CISA added CVE-2025-59718 to the KEV catalog. [62] Nation-state

SonicWall SMA1000 Zero-Day Chain (CVE-2025-40602 + CVE-2025-23006) demonstrates how attackers combine vulnerabilities for maximum impact. The medium-severity local privilege escalation flaw CVE-2025-40602 is being chained with CVE-2025-23006, a pre-auth deserialization bug, to achieve unauthenticated remote code execution with root privileges. CISA added CVE-2025-40602 to the KEV catalog based on active exploitation in the wild. [63] Nation-state

  1. The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques, Michael Lynn, July 2008
  2. An Insider’s View of ‘Cisco-gate’, WIRED, August 2005
  3. FBI probe discovers counterfeit kit in US military networks, The Register, May 2008
  4. SYNful Knock
  5. Attackers are hijacking critical networking gear from Cisco, company warns, Ars Technica, August 2015
  6. Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA, WIRED, December 2015
  7. Equation Group exploit hits newer Cisco ASA, Juniper Netscreen, The Register, August 2016
  8. The Wikileaks Vault 7 Leak – What We Know So Far, Cisco Blogs, March 2017
  9. VPNFilter
  10. Backdoors Keep Appearing In Cisco’s Routers, Tom’s Hardware, July 2018 
  11. 2022 Top Routinely Exploited Vulnerabilities, CISA, August 2023
  12. Echobot Malware Now up to 71 Exploits, Targeting SCADA, F5 Labs, December 2019
  13. Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender, Bleeping Computer, January 2020
  14. VPN warning: REvil ransomware targets unpatched Pulse Secure VPN servers, ZDNet, January 2020
  15. Fox Kitten Campaign Widespread Iranian Espionage-Offensive Campaign, Clearsky Cybersecurity, February 2020
  16. Cybersecurity Advisory: Enterprise VPN Security, CISA, April 2020
  17. Hackers tried to use Sophos Firewall zero-day to deploy Ransomware, Bleeping Computer, May 2020
  18. Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902, CISA, July 2020
  19. FBI Flash: Indicators Associated with Netwalker Ransomware, FBI, July 2020
  20. Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity, CISA, December 2020
  21. Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks, Kaspersky, April 2021
  22. Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day, Mandiant, April 2021
  23. Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices, Mandiant, May 2021
  24. LockBit: Access, Encryption, Exfiltration, & Mitigation, November 2023
  25. UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat, Mandiant, April 2021 
  26. SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched, SecurityWeek, April 2021
  27. Fortinet warns customers after hackers leak passwords for 87,000 VPNs, The Record, September 2021
  28. Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU), U.S. Department of Justice, April 2022
  29. 2022 Top Routinely Exploited Vulnerabilities, CISA, August 2023
  30. APT5: Citrix ADC Threat Hunting Guidance, NSA, December 2022
  31. We’re Out of Titles for VPN Vulns—It’s Not Funny Anymore, WatchTowr, January 2023
  32. Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation, Mandiant, March 2023
  33. Hackers exploit critical Zyxel firewall flaw in ongoing attacks, BleepingComputer, May 2023
  34. Russian Hackers Linked to ‘Largest Ever Cyber Attack’ on Danish Critical Infrastructure, The Hacker News, November 2023
  35. Volt Typhoon targets US critical infrastructure with living-off-the-land techniques, Microsoft, May 2023
  36. Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China, Mandiant, June 2023
  37. BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, CISA, June 2023
  38. Attacks on Citrix NetScaler systems linked to ransomware actor, BleepingComputer, July 2023
  39. People’s Republic of China-Linked Cyber Actors Hide in Router Firmware, NSA, September 2023
  40. “Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day, ArsTechnica, October 2023
  41. Remediation for Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966), Mandiant, October 2023
  42. Ivanti Connect Secure VPN Exploitation Goes Global, Volexity, January 2024
  43. ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities, CISA, January 2024
  44. ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices, Cisco Talos, April 2024
  45. China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices, Hacker News, June 2024
  46. CISA, FBI Warn of OS Command-Injection Vulnerabilities, Dark Reading, July 2024
  47. Sophos reveals 5-year battle with Chinese hackers attacking network devices, Bleeping Computer, October 2024
  48. Chinese Salt Typhoon Hacked T-Mobile in US Telecom Breach Spree, Hack Read, November 2024
  49. Juniper Routers, Network Devices Targeted with Custom Backdoors, Eclypsium, March 2025
  50. Eclypsium finds security issues in Palo Alto Networks NGFWs, TechTarget, January 2025
  51. Juniper Routers, Network Devices Targeted with Custom Backdoors, Eclypsium, March 2025
  52. Silk Typhoon Targeting IT Supply Chains and Network Devices, Microsoft Reports, March 2025
  53. The Cisco Vulnerability Salt Typhoon Weaponized Against Canadian Telcos and Viasat, Eclypsium, June 2025
  54. Vulnerabilities in Netgear Firmware-Based IoT Devices In The Enterprise, Eclypsium, July 2025
  55. New Salt Typhoon Defense Guidance from FBI and CISA, Eclypsium, August 2025
  56. Surge in Cisco ASA Scanning Hints At Coming Cyberattacks, Eclypsium, September 2025
  57. EOL Devices: Exploits Will Continue Until Security Improves, September 2025
  58. CISA ED 25-03 Warns of Cisco ASA Device Compromises, Eclypsium, September 2025
  59. The Hunt for RedNovember: A Depth Charge Against Network Edge Devices, Eclypsium, September 2025
  60. Cisco SNMP Vulnerability CVE-2025-20352 Exploited in the Wild, Eclypsium, October 2025
  61. F5 Systems Compromised, BIG IP Vulnerabilities Exfiltrated: What To Do Next, Eclypsium, October 2025
  62. 2025: The Year of Network Device Exploitation Adds Three More, Eclypsium, December 2025
  63. 2025: The Year of Network Device Exploitation Adds Three More, Eclypsium, December 2025