CVE-2026-35616 (CVSS 7.5, EPSS 97th percentile) is associated with active JDY botnet scanning activity, and Cisco RV320/RV325 routers are among the SOHO device families reported as targets. The JDY botnet is linked with medium-high confidence to Chinese state-sponsored actors including Volt Typhoon. Note: a source-level discrepancy exists associating this CVE with Fortinet FortiClient EMS rather than SOHO devices in two tier-3 sources; the CVE-to-Cisco-product mapping carries medium confidence pending NVD or CISA KEV confirmation. Organizations should treat internet-facing Cisco RV320/RV325 devices as at elevated risk based on campaign targeting data while authoritative CVE attribution is resolved.