[kyrra]

There is a separate thread here on HN about this[0], though most of the discussion is around the original editorialized title for the article.

If you read the "Exploitation and Public Announcements" section of the Cisco publication, it meantions the source was another CVE from a month ago[1].

[0] https://news.ycombinator.com/item?id=12540692

[1] http://blogs.cisco.com/security/shadow-brokers