Articles tagged "Cisco"

Found 52 articles

Researchers at Cisco Talos have identified a new campaign by a Russian-speaking group known as UAT-11795, which is distributing fake installers for popular applications like Zoom, Webex, and MobaXterm. These malicious installers are designed to deliver the Starland Remote Access Trojan (RAT) and a memory-only implant called WLDR. The campaign has been targeting users primarily in the United States and Europe. This is concerning as it highlights the ongoing threat posed by financially motivated cybercriminals who exploit trusted software to gain access to sensitive systems. Users should be wary of downloading software from unofficial sources and ensure they are using legitimate installation files to protect against such attacks.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2008-4128, to its Known Exploited Vulnerabilities Catalog. This vulnerability affects Cisco IOS and is associated with cross-site request forgery, which allows attackers to exploit vulnerable systems. It poses significant risks, particularly for federal agencies, as it can lead to total control over affected assets after exploitation. CISA's Binding Operational Directive 26-04 emphasizes the need for federal agencies to prioritize rapid remediation of such high-risk vulnerabilities. While this directive primarily applies to federal agencies, CISA encourages all organizations to adopt similar practices for managing vulnerabilities effectively. Agencies are also urged to check for any compromises before applying patches to mitigate risks.

Read Original
Actively Exploited

Cisco Talos has reported that a Chinese cyber espionage group, identified as APT UAT-7810, is expanding its proxy relay network by deploying new malware. This development raises concerns about the group's capabilities to conduct more extensive surveillance and data exfiltration activities. The increased use of proxies can help attackers mask their origin while facilitating access to targeted networks. Organizations should be vigilant, as this activity suggests that the group is actively seeking new methods to bypass security measures. The implications of this malware expansion could impact various sectors, especially those involving sensitive information or critical infrastructure.

Read Original

Recent reports have surfaced regarding the use of AI to generate recipes for illicit drugs, including cocaine, which raises serious concerns about the potential for increased drug production and trafficking. Additionally, a Russian hacking group has been implicated in a series of cyberattacks targeting various organizations, showcasing their ongoing efforts to exploit vulnerabilities for espionage and financial gain. Meanwhile, the cybersecurity group known as Scattered Spider has been linked to multiple incidents involving data breaches and ransomware attacks, further complicating the security landscape. Companies like Cisco and Amazon have also found themselves in the spotlight as new vulnerabilities have been identified in their systems, prompting urgent calls for updates and patches to safeguard user data. The combination of these threats emphasizes the need for heightened security measures across industries to protect against both physical and digital dangers.

Read Original
Actively Exploited

A significant security vulnerability in Cisco's Catalyst SD-WAN Manager has been exploited by attackers months before its public disclosure. The flaw, which was revealed in early June, was reportedly being used in attacks as early as March. This situation raises serious concerns for organizations using Cisco's SD-WAN technology, as they may have been at risk for an extended period without knowledge of the threat. Companies are urged to review their systems and apply any available patches to mitigate potential risks. The exploitation of this vulnerability highlights the importance of timely disclosures and the need for vigilance in monitoring systems for suspicious activity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs

Actively Exploited

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News

Actively Exploited

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Read Original

Mandiant has reported on a serious vulnerability in Cisco's Catalyst SD-WAN, identified as CVE-2026-20245, which has been exploited by hackers to gain root access to affected devices. This zero-day attack allows attackers to create unauthorized root accounts, compromising network security for organizations using this technology. The vulnerability poses a significant risk to businesses relying on Cisco's SD-WAN solutions, as it can lead to unauthorized access and potential data breaches. Companies should urgently assess their systems for this vulnerability and implement necessary security measures to protect their networks.

Read Original

A newly discovered vulnerability, CVE-2026-20230, affects Cisco's Unified Communications Manager (Unified CM) and is currently being exploited in the wild. This issue is a server-side request forgery (SSRF) flaw that allows attackers to drop webshells and execute code remotely on the affected servers. According to threat intelligence firm Defused, automated attacks have been observed using the Tor network to deploy these webshells. The exploitation process involves abusing the WebDialer SSRF to install a malicious Apache Axis service, which then facilitates the execution of further malicious payloads. Organizations using Cisco Unified CM should be aware of this security threat and take steps to mitigate potential risks.

Read Original

A serious security flaw has been discovered in Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified CM SME). The vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6, indicating its severity. It involves improper input validation for specific HTTP requests, which could allow attackers to execute commands remotely without authentication. This means that unauthorized individuals could potentially gain root access to affected systems. Companies using these Cisco products need to act quickly to protect their networks, as the flaw is already being exploited in the wild.

Read Original
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

BleepingComputer

Actively Exploited

A serious vulnerability, identified as CVE-2026-20230, has been discovered in Cisco's Unified Communications Manager Server. This Server-Side Request Forgery (SSRF) flaw is currently being exploited by attackers, raising concerns for organizations using this software. The vulnerability could allow malicious actors to manipulate requests sent from the server, potentially leading to unauthorized access to sensitive systems. Companies that rely on Cisco's Unified Communications infrastructure need to prioritize patching their systems to protect against these active exploits. As the situation evolves, it is crucial for affected users to stay informed and take immediate action to mitigate risks.

Read Original

Cisco has addressed a significant vulnerability in its Identity Services Engine (ISE) that could allow attackers to execute commands on the underlying operating system with elevated privileges. This flaw stems from inadequate validation of user input, making it easier for malicious actors to gain root access. Organizations using Cisco ISE should prioritize applying the latest security patches to mitigate this risk. If left unaddressed, this vulnerability could lead to unauthorized access and potentially severe security breaches. Ensuring that systems are updated is crucial for maintaining the overall security posture against such threats.

Read Original
CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation

Security Affairs

Actively Exploited

Cisco has issued a warning about a vulnerability in its Catalyst SD-WAN Manager, designated CVE-2026-20262. This flaw allows attackers to write arbitrary files through the web interface, potentially compromising the system's integrity. Cisco confirmed that this vulnerability is currently being actively exploited, which raises significant concerns for organizations using affected systems. The vulnerability has a CVSS score of 6.5, indicating a moderate level of risk. Companies utilizing the Catalyst SD-WAN Manager should prioritize assessing their systems for this vulnerability and implement necessary security measures to protect against potential attacks.

Read Original

Cisco has issued security updates to address a medium-severity vulnerability in its Catalyst SD-WAN Manager, previously known as SD-WAN vManage. The flaw, identified as CVE-2026-20262, has a CVSS score of 6.5 and has been reported as actively exploited in the wild. This vulnerability affects the web user interface, allowing authenticated remote attackers to create files, which could lead to further compromise of the system. Given that this software is widely used for managing SD-WAN deployments, organizations utilizing this product should prioritize applying the latest updates to mitigate potential risks. The active exploitation of this flaw emphasizes the importance of maintaining up-to-date security measures in network management solutions.

Read Original

A recent study by Cisco has revealed that multi-turn prompt injection attacks pose a significant risk to major AI models. These attacks are not effectively measured by success rates from single-turn interactions, which may mislead developers about the safety of their systems. The findings suggest that attackers can manipulate conversations with AI models over multiple exchanges, potentially leading to unintended responses or actions. This vulnerability impacts various AI systems that rely on conversational capabilities, raising concerns about the security of user data and the integrity of AI-generated content. Developers and organizations using these models need to reassess their security measures to protect against these sophisticated attack methods.

Read Original
Page 1 of 4Next