A recent study by Cisco has revealed that multi-turn prompt injection attacks pose a significant risk to major AI models. These attacks are not effectively measured by success rates from single-turn interactions, which may mislead developers about the safety of their systems. The findings suggest that attackers can manipulate conversations with AI models over multiple exchanges, potentially leading to unintended responses or actions. This vulnerability impacts various AI systems that rely on conversational capabilities, raising concerns about the security of user data and the integrity of AI-generated content. Developers and organizations using these models need to reassess their security measures to protect against these sophisticated attack methods.
Articles tagged "Cisco"
Found 38 articles
SCM feed for Latest
Cisco's recent research has raised concerns about the reliability of AI-generated security incident reports. The study found that large language models (LLMs) can produce inconsistent results, even when querying the same data. This variability can lead to confusion and mistakes in understanding security incidents, which is critical for organizations relying on accurate reporting for their security posture. The findings suggest that companies using AI for cybersecurity reporting need to be cautious and verify the data produced by these systems, as discrepancies could hinder effective incident response. As AI becomes more integrated into security operations, ensuring its accuracy will be vital for maintaining trust and effectiveness in cybersecurity efforts.
Help Net Security
Last week, Cisco released a patch for a zero-day vulnerability affecting its SD-WAN product. This flaw could allow attackers to gain unauthorized access to the network and potentially disrupt services. Meanwhile, a previously unpatched vulnerability in Microsoft Exchange Server has been actively exploited by attackers, putting many organizations at risk. These incidents highlight the ongoing challenges companies face in securing their systems against evolving threats. It’s crucial for affected users to apply the latest patches and take proactive measures to protect their networks.
Help Net Security
CVE-2026-20182Cisco has released a patch for a serious security vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN solutions. This flaw allows attackers to bypass authentication in both the Catalyst SD-WAN Controller and the Catalyst SD-WAN Manager, which are critical components for managing SD-WAN deployments. The vulnerability has been actively exploited by a sophisticated cyber threat actor, putting both on-premises and cloud users at risk. Organizations using these Cisco products should prioritize applying the patch to safeguard their networks from potential breaches. Failure to address this vulnerability could lead to unauthorized access and significant security incidents.
Cisco has released a patch for a newly discovered zero-day vulnerability, identified as CVE-2026-20182, which has been actively exploited in targeted attacks. This vulnerability affects Cisco’s SD-WAN products and has been linked to a sophisticated threat actor known as UAT-8616. The exploitation of this flaw marks the sixth zero-day incident involving Cisco in 2026, raising concerns about the security of their products. Companies using Cisco SD-WAN solutions should prioritize applying the latest patches to protect against potential breaches. The ongoing exploitation of this vulnerability highlights the need for vigilance in cybersecurity practices.
A serious vulnerability in Cisco's SD-WAN network control system has been actively exploited, marking the second time this year that attackers have taken advantage of a CVSS 10.0 flaw. This critical bug poses a significant risk as it allows unauthorized access to the network, potentially compromising sensitive data and systems. Organizations using Cisco SD-WAN solutions should be particularly vigilant, as the severity of this vulnerability makes it a prime target for malicious actors. It's crucial for affected users to stay informed about the latest security updates and apply any available patches to mitigate risks associated with this vulnerability.
Cisco has addressed several serious vulnerabilities in its enterprise products, particularly in Unity Connection. These flaws, identified as CVE-2026-20034 and CVE-2026-20035, could allow attackers to execute code, perform server-side request forgery (SSRF), or disrupt services. If exploited, these vulnerabilities could have significant implications for organizations using affected Cisco products, potentially leading to unauthorized access or service outages. Cisco has released patches to fix these issues, urging users to update their systems promptly to mitigate risks associated with these high-severity vulnerabilities.
Cisco's AI security researchers have discovered a vulnerability in vision-language models (VLMs) that could be exploited by attackers using subtle pixel-level changes in images. These small alterations can mislead the models into producing incorrect outputs without being noticeable to human observers. This poses significant risks for industries that rely on VLMs, such as autonomous vehicles and security systems, where accurate visual interpretation is crucial. The findings suggest that companies using these AI systems should review their security measures to prevent potential exploitation. As AI continues to integrate into various applications, understanding and mitigating such vulnerabilities becomes increasingly important.
Cisco has announced its plan to acquire Astrix Security, a move aimed at improving its identity-centric security solutions, particularly for managing non-human identities like those used by AI systems and machines. This acquisition is part of Cisco's broader strategy to enhance security measures in an increasingly automated and interconnected environment. By integrating Astrix's technology, Cisco aims to better protect organizations from potential risks associated with machine access and identity misuse. This is important as businesses increasingly rely on AI and automated systems, which can introduce unique security challenges. The deal underscores the growing focus on securing these non-human identities to prevent unauthorized access and data breaches.
A U.S. federal agency has reported that a Cisco firewall has been compromised by a backdoor malware known as 'Firestarter'. This malware gives attackers remote access and control over the infected device and is designed to persist even after security patches are applied. The incident raises significant concerns about the security of federal networks, especially given the critical role firewalls play in protecting sensitive information. As agencies rely on these devices to safeguard their data, the presence of such malware could expose them to further attacks. Users and organizations using Cisco firewalls need to be vigilant and ensure their systems are updated and monitored for unusual activity.
The Cybersecurity and Infrastructure Security Agency (CISA) has added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, with five of these already being exploited in the wild. The affected products include those from Cisco, Kentico, and Zimbra. Organizations using these systems are urged to address these vulnerabilities promptly to prevent potential attacks. The exploitation of these flaws poses significant risks, as they can allow attackers to gain unauthorized access or execute malicious actions on affected systems. Companies need to prioritize patching and updating their software to mitigate these risks effectively.
Cisco has released patches for critical vulnerabilities found in its Webex and Identity Services Engine (ISE) products. These flaws could allow attackers to exploit the systems remotely, potentially impersonating users or executing unauthorized commands on the operating system. This poses a significant risk to organizations using these platforms, as it could lead to unauthorized access and data breaches. Users of Webex and ISE should prioritize applying these updates to safeguard their systems and data against potential attacks. Keeping software up to date is crucial in maintaining cybersecurity hygiene.
Researchers from Cisco Talos have found that attackers are exploiting the email notification systems of popular SaaS platforms like GitHub and Jira to distribute phishing and spam emails. By sending these malicious emails from the platforms' own servers, the attackers bypass standard email security measures such as SPF, DKIM, and DMARC. This tactic allows them to deliver phishing messages that appear legitimate, effectively tricking users into engaging with the content. This incident raises serious concerns for organizations using these platforms, as it highlights a potential vulnerability in their email communication processes. Users of GitHub and Jira should be particularly vigilant about unexpected emails, even if they seem to come from trusted sources.
Help Net Security
Wireless networks in enterprises are becoming more complex, supporting a variety of devices and applications. However, this has led to a rise in security incidents, as highlighted by the 2026 Cisco State of Wireless report. Organizations are facing increased incident rates and higher costs, yet many are still investing heavily in wireless technology. Despite the growing risks, there seems to be a disconnect as IT professionals are not addressing these security challenges effectively. This situation raises concerns about the potential vulnerabilities within enterprise networks, making it crucial for organizations to reassess their security strategies.
The Hacker News
CVE-2025-55182A significant credential harvesting campaign has been detected, utilizing the React2Shell vulnerability (CVE-2025-55182) to gain access to sensitive data from 766 Next.js hosts. Attackers are stealing various credentials, including database logins, SSH private keys, AWS secrets, Stripe API keys, and GitHub tokens. This operation has been linked to a threat group that Cisco Talos is monitoring. The widespread nature of this breach is concerning, as it affects a range of developers and companies using Next.js, potentially compromising their applications and user data. Companies need to be vigilant and take immediate steps to secure their systems against this threat.