Tag: cisco
-
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. The threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…
-
Update, March 13: Talos on the developing situation in the Middle East
Cisco Talos updates this blog with additional IOCs, guidance, recommendations and timelines as of March 10, 2026. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-developing-situation-in-the-middle-east/
-
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
The excitement around Cisco’s latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked risks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fake-pocs-risks-cisco-sd-wan
-
Credential-stealing crew spoofs VPN clients from Cisco, Fortinet, and others
And then they send victims to the legit VPN download to hide their tracks First seen on theregister.com Jump to article: www.theregister.com/2026/03/13/vpn_clients_spoofed/
-
Fake enterprise VPN sites used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/
-
Fake enterprise VPN downloads used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/
-
US Agencies Face CISA Deadline Over Critical Cisco SD-WAN Flaw
US agencies race to meet a CISA deadline after a critical Cisco SD-WAN flaw exposed federal networks to long-term intrusion and forced security action. First seen on hackread.com Jump to article: hackread.com/us-agencies-cisa-deadline-critical-cisco-sd-wan-flaw/
-
USENIX Security ’25 (Enigma Track) • Inside Out: Security Designed With, Not For
Tags: cisco. Presenter: Kausalya Ganesh, Cisco Systems, Inc. Our thanks to USENIX Security ’25 (Enigma Track) for publishing their creators’, authors’ and presenters’ tremendous content on the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/usenix-security-25-enigma-track-inside-out-security-designed-with-not-for/
-
CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws
CISA issued an urgent directive as attackers exploit a Cisco SD-WAN flaw that grants admin access to networks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-cisco-sd-wan-flaws-directive/
-
Update, March 10: Talos on the developing situation in the Middle East
Cisco Talos updates this blog with additional IOCs, guidance, recommendations and timelines as of March 10, 2026. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-developing-situation-in-the-middle-east/
-
Hacker Free-for-All Over Cisco SD-WAN Flaw
Three-Year-Old Zero-Day Under Mass Attack. A flaw in Cisco software-defined network management software has become a hacker free-for-all, warn cybersecurity experts. The flaw allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on the affected system. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hacker-free-for-all-over-cisco-sd-wan-flaw-a-30946
-
PQC roadmap remains hazy as vendors race for early advantage
Tags: attack, cisco, communications, control, crypto, cryptography, data, encryption, finance, firmware, gartner, google, grc, guide, Hardware, healthcare, identity, infrastructure, monitoring, network, nist, risk, software, technology, threat, tool, vpn, vulnerability. Some are already ahead as the migration question looms: One of the earliest vendors to operationalize cryptographic discovery specifically for PQC readiness was Sandbox AQ, which emerged from Google’s quantum research efforts. As early as 2022, the company argued that enterprises needed to inventory cryptography assets long before post-quantum algorithms could be deployed at scale. Initially…
-
China-Linked Hackers Use Malware Trio for Telecom Espionage
Tags: access, china, cisco, communications, cyberespionage, espionage, group, hacker, infrastructure, malware, tool, usa. Researchers Tie UAT-9244 Intrusion to Famous Sparrow and Tropic Trooper. A China-linked cyberespionage group has been targeting telecommunications providers in South America since 2024 using a set of newly discovered malware tools designed to maintain persistent access to critical communications infrastructure, Cisco Talos researchers found. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/china-linked-hackers-use-malware-trio-for-telecom-espionage-a-30940
-
Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws
Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise.…
-
Cisco warns of two more SD-WAN bugs under active attack
Switchzilla says flaws could allow file overwrites or privilege escalation First seen on theregister.com Jump to article: www.theregister.com/2026/03/06/cisco_sdwan_bugs/
-
Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws
Cisco patches 48 vulnerabilities in Secure Firewall products, including two critical CVSS 10 flaws that could allow authentication bypass and remote code execution. First seen on hackread.com Jump to article: hackread.com/cisco-patches-firewall-vulnerabilities-cvss-10-flaws/
-
Cyberattacks on companies: several dangerous Cisco vulnerabilities under attack
Three security vulnerabilities in Cisco network management software disclosed in February are under attack, in part thanks to locally stored credentials. First seen on golem.de Jump to article: www.golem.de/news/angriffe-auf-unternehmen-mehrere-gefaehrliche-cisco-luecken-unter-beschuss-2603-206181.html
-
Attacks on companies: several dangerous Cisco vulnerabilities under attack
Three security vulnerabilities in Cisco Catalyst SD-WAN Manager disclosed in February are under attack, in part thanks to locally stored credentials. First seen on golem.de Jump to article: www.golem.de/news/angriffe-auf-unternehmen-mehrere-gefaehrliche-cisco-luecken-unter-beschuss-2603-206181.html
-
Challenges and projects for the CISO in 2026
Tags: access, ai, authentication, automation, awareness, cisco, ciso, cloud, communications, control, credentials, cybersecurity, data, defense, detection, edr, email, encryption, endpoint, finance, framework, group, identity, intelligence, leak, mobile, network, service, soc, sophos, strategy, technology, training. Hazel Díez (Banco Santander), Roberto Lara (Vodafone), Marijus Briedis (NordVPN), Álvaro Fernández (Sophos), and Ángel Ortiz (Cisco). Against this backdrop, Cisco defines AI as “the fundamental technology that will set the cybersecurity agenda in 2026,” in the words of Ortiz, who refers to the company’s Integrated…
-
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, hitting Windows and Linux systems and edge devices with three different implants. Cisco Talos is tracking the activity under the moniker UAT-9244 and describes it as closely associated with another cluster known as FamousSparrow. It’s worth… First seen…
-
Zero-day exploits hit enterprises faster and harder
Tags: access, apple, attack, backdoor, business, china, cisco, cve, data, detection, endpoint, espionage, exploit, firewall, flaw, fortinet, google, group, hacker, infrastructure, ivanti, least-privilege, mobile, network, oracle, radius, ransomware, risk, router, russia, service, software, technology, threat, update, vpn, vulnerability, zero-day. Enterprise environments under siege: Chinese threat actors continued to display a preference for targets that are difficult to monitor and allow persistent access to strategic networks. Notable examples include the groups that GTIG tracks as UNC5221, which exploited a flaw in Ivanti Connect Secure (CVE-2025-0282), and UNC3886, which exploited a vulnerability in Juniper routers (CVE-2025-21590). Another…
-
Breach Roundup: Patches and Hacks on Cisco Equipment
Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks. This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-patches-hacks-on-cisco-equipment-a-30927
-
Cisco SD-WAN Manager Vulnerabilities Actively Exploited
Cisco warns that attackers are actively exploiting vulnerabilities in its Catalyst SD-WAN Manager platform. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-sd-wan-manager-vulnerabilities-actively-exploited/
-
Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-48-firewall-vulnerabilities-2-critical
-
Cisco issues emergency patches for critical firewall vulnerabilities
root access to the device.” And CVE-2026-20131 is described thusly: “An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.” There are no workarounds for either…
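The CVE-2026-20131 description above names a familiar bug class: a web interface that deserializes a client-supplied Java object, so that code inside a gadget class's readObject() runs before the application ever inspects the result. The following is an added illustration of that class and of the standard mitigation, not Cisco's code and not derived from the advisory or any public exploit. It puts the vulnerable read next to one hardened with a JEP 290 deserialization filter (Java 9+). The Message and Gadget classes are hypothetical stand-ins; a real gadget chain is assembled from classes already on the target's classpath, and here the "payload" only flips a flag so the effect is observable.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationDemo {

    /** Hypothetical: the only message type the management endpoint should accept. */
    public static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    /**
     * Hypothetical stand-in for a gadget class. Its readObject() runs during
     * deserialization, before the caller sees any object; a real gadget would
     * reach Runtime.exec() or a file write here instead of setting a flag.
     */
    public static final class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean triggered = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            triggered = true;
        }
    }

    /** Produces the bytes a client would send; used for both benign and malicious input. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Vulnerable pattern: whatever class the client names is instantiated. */
    static Object unsafeRead(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    /**
     * Hardened pattern: an allow-list filter accepts only Message (and the String
     * it carries) and rejects every other class when its descriptor is read, so
     * Gadget.readObject() never executes. Rejection surfaces as InvalidClassException.
     */
    static Object safeRead(byte[] body) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowOnlyMessage = ObjectInputFilter.Config.createFilter(
                "DeserializationDemo$Message;java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(allowOnlyMessage);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] benign = serialize(new Message("status?"));
        byte[] malicious = serialize(new Gadget());

        Gadget.triggered = false;
        unsafeRead(malicious);
        System.out.println("unsafeRead: gadget code ran = " + Gadget.triggered);

        Gadget.triggered = false;
        try {
            safeRead(malicious);
        } catch (InvalidClassException e) {
            System.out.println("safeRead: rejected, " + e.getMessage());
        }
        System.out.println("safeRead: gadget code ran = " + Gadget.triggered);
        System.out.println("safeRead: benign message = " + ((Message) safeRead(benign)).text);
    }
}
```

Compile and run with `javac DeserializationDemo.java && java DeserializationDemo` on Java 9 or later. The same filter syntax can be applied process-wide with the `jdk.serialFilter` system property, which is the practical option when the deserializing code is third-party. A filter is a mitigation, not a fix: the fix for the advisory above is the vendor patch, and the design fix is to stop accepting Java serialization from unauthenticated clients at all.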

