Kernel‑Bypass Risk Spike
Security teams are warning that end‑of‑life edge routers, firewalls and VPNs remain widely deployed and are prime targets — a fast exploit cycle means patching delays can be catastrophic for trading infra that uses DPDK/XDP or custom kernel bypass stacks. The warnings come alongside Cisco Talos and CISA advisories urging immediate patch discipline to limit ransomware and data‑exfiltration windows. (cybersecuritydive.com)
VulnCheck’s 2026 State of Exploitation report found that 42.5% of vulnerabilities exploited in 2025 affected devices that were end‑of‑life or likely end‑of‑life, and the research notes active exploitation frequently precedes CVE assignment. (vulncheck.com)

CISA’s Binding Operational Directive BOD 26‑02 requires federal agencies to inventory edge devices within three months, decommission devices already at end‑of‑support within 12 months, replace remaining EOS edge devices within 18 months, and establish continuous discovery within 24 months. (storage.printfriendly.com)

Cisco and Talos have tied recent active campaigns to rapid weaponization of edge bugs, with Cisco warning of ongoing attacks against Secure Firewall products and Talos publishing broad vulnerability tracking (26 open reported zero‑days, 57 publicly disclosed vulnerabilities in their dashboard). (sec.cloudapps.cisco.com) Recent exploit activity includes Interlock ransomware abusing a critical Cisco FMC flaw (reported as CVE‑2026‑20131, CVSS 10.0), with industry trackers estimating tens of thousands of potentially at‑risk firewall instances exposed. (thehackernews.com)

Kernel‑bypass stacks have their own vulnerability history: DPDK vhost CVEs such as CVE‑2024‑11614 and AF_XDP/XDP kernel fixes (for issues tracked in 2024–2025 like CVE‑2025‑37920 and related AF_XDP race/null‑pointer bugs) have required urgent kernel and library patches. (cvedetails.com)

CISA’s mitigation guidance and allied government fact sheets explicitly recommend maintaining an accurate asset inventory, removing internet‑facing management access, and applying compensating controls such as network segmentation and restricted management networks: measures that directly reduce lateral‑movement risk into low‑latency clusters. (cisa.gov)

Industry response patterns emphasize immediate patching plus short‑term compensations for trading environments: vendor advisory upgrades, IDS/signature updates from threat intelligence teams like Talos, and isolating kernel‑bypass hosts (dedicated VLANs/management planes or out‑of‑band consoles) pending hardware replacement under BOD timelines. (sec.cloudapps.cisco.com)
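The inventory-first path described above (BOD 26‑02 milestones plus CISA's compensating controls) as an added example, not code from the brief or from any vendor or agency tooling; the directive's effective date, the inventory field names and the priority weights are assumptions made for illustration:

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# BOD 26-02 milestones as quoted in the brief, counted in months from the
# directive's effective date. DIRECTIVE_DATE is a placeholder assumption;
# take the real date from the directive itself.
DIRECTIVE_DATE = date(2026, 1, 1)
MILESTONES = {"inventory": 3, "decommission_eos": 12,
              "replace_remaining": 18, "continuous_discovery": 24}

def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamped to the 28th so every result is a valid date."""
    years, month0 = divmod(d.month - 1 + months, 12)
    return date(d.year + years, month0 + 1, min(d.day, 28))

@dataclass
class EdgeDevice:
    name: str
    eos_date: Optional[date]      # None = vendor has not announced end of support
    mgmt_internet_facing: bool    # management plane reachable from the internet
    adjacent_to_bypass: bool      # same L2/L3 segment as DPDK/XDP trading hosts

def triage(dev: EdgeDevice, today: date) -> dict:
    """Map one inventory record to BOD deadlines plus interim compensating controls."""
    actions, score = [], 0
    replace_by = add_months(DIRECTIVE_DATE, MILESTONES["replace_remaining"])
    if dev.eos_date and dev.eos_date <= today:            # already end-of-support
        actions.append(("decommission", add_months(DIRECTIVE_DATE, MILESTONES["decommission_eos"])))
        score += 3
    elif dev.eos_date and dev.eos_date <= replace_by:     # goes EOS inside the window
        actions.append(("replace", replace_by))
        score += 2
    # Compensating controls from the CISA guidance apply regardless of EOS status.
    if dev.mgmt_internet_facing:
        actions.append(("remove_internet_mgmt", today))   # no grace period
        score += 3
    if dev.adjacent_to_bypass:
        actions.append(("segment_oob_mgmt", today))       # dedicated VLAN / OOB console
        score += 2
    return {"device": dev.name, "priority": score, "actions": actions}

def triage_inventory(devices, today: date) -> list:
    """Highest-priority remediation first; ties keep inventory order."""
    return sorted((triage(d, today) for d in devices), key=lambda r: -r["priority"])

# Constructed sample inventory (not real devices).
SAMPLE = [
    EdgeDevice("fw-edge-01", date(2024, 6, 30), True, True),
    EdgeDevice("vpn-gw-02", date(2027, 3, 31), False, False),
    EdgeDevice("rtr-dc-03", None, False, True),
]

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE, date(2026, 3, 1)):
        print(row)
```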