Tag: cisco
-
Cisco Talos Researcher Reveals Method That Causes LLMs to Reveal Training Data
In this TechRepublic interview, researcher Amy Chang details the decomposition method and shares how organizations can protect themselves from LLM data extraction. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-talos-generative-ai-llm-decomposition/
-
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/backdoors-breaches-how-talos-is-helping-humanitarian-aid-ngos-prepare-for-cyber-attacks/
-
Wie EDR EDR aushebelt
Tags: access, cisco, crowdstrike, cyberattack, detection, edr, endpoint, firewall, monitoring, software, tool, vulnerabilityLegitime Security-Tools gegeneinander auszuspielen, eröffnet Cyberkriminellen diverse Vorteile.Cybersicherheitsforscher haben einen unheilvollen neuen Angriffsvektor entdeckt. Dabei könnten Angreifer kostenlose Testversionen von Endpoint Detection and Response (EDR)-Software dazu missbrauchen, vorhandene Sicherheits-Tools zu deaktivieren. Die Researcher Ezra Woods und Mike Manrod haben das Phänomen entdeckt und dokumentiert, das sie als “EDR-on-EDR Violence” bezeichnen. Ihre Erkenntnisse haben die Sicherheitsexperten…
-
Breach Roundup: Did China Have a Sneak Peek Into ToolShell?
Also: ToolShell Hits South Africa, Most Americans Are Online Fraud Victims. This week: Did China sneak a peek into ToolShell? ToolShell hacking in South Africa, Cisco flaws, an Arizona woman sentenced for aiding North Korea. Most Americans scammed online, a NASCAR data breach and a claimed data leak at France’s Naval Group. Orange telecom disrupted.…
-
Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect
Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you’re interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here’s where and how to find us. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/cisco-talos-at-black-hat-2025-briefings-booth-talks-and-what-to-expect/
-
CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine
Tags: cisa, cisco, cybersecurity, exploit, flaw, hacker, identity, infrastructure, service, vulnerabilityHackers are actively exploiting two critical flaws in Cisco Identity Services Engine, said the US Cybersecurity and Infrastructure Security Agency First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-kev-cisco-ise/
-
CISA Adds Cisco ISE and PaperCut Vulnerabilities to Known Exploited Vulnerabilities Catalog
Tags: cisa, cisco, cybersecurity, exploit, flaw, identity, infrastructure, kev, remote-code-execution, service, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three high-impact vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include two unauthenticated remote code execution flaws in Cisco Identity Services Engine (ISE) and one cross-site request forgery (CSRF) vulnerability affecting PaperCut NG/MF software. First seen on thecyberexpress.com Jump to…
-
PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw
Tags: access, cisco, control, cve, cyber, data-breach, exploit, flaw, identity, network, remote-code-execution, service, vulnerability, zero-daySecurity researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform and has been actively exploited in the wild. Critical Zero-Day Vulnerability Exposed The vulnerability was…
-
CISA Issues Alert on Cisco Identity Services Engine Flaw Exploited in Active Attacks
Tags: attack, cisa, cisco, cyber, cybersecurity, exploit, flaw, identity, infrastructure, injection, kev, risk, service, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding severe vulnerabilities in Cisco’s Identity Services Engine (ISE) that are being actively exploited by threat actors. The agency added two critical injection vulnerabilities to its Known Exploited Vulnerabilities Catalog on July 28, 2025, signaling immediate risks to organizations using the affected…
-
U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog
U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Cisco confirmed attempted exploitation…
-
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-available-for-critical-cisco-ise-bug-exploited-in-attacks/
-
Cisco Patches Three Critical Vulnerabilities Here are the Products Affected
Three separate vulnerabilities impact Cisco’s identity services. All have been patched. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/security/cisco-ise-vulnerabilities/
-
New Chaos Ransomware Emerges, Launches Wave of Attacks
Cisco Talos warned that the Chaos group, thought to be formed of former BlackSuit members, has launched a wave of attacks targeted a variety of sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/
-
Cisco network access security platform vulnerabilities under active exploitation
The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-identity-services-engines-active-exploits/
-
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025. Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337), updating its advisory after detecting attacks in July 2025. >>Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE…
-
Maximum severity Cisco ISE vulnerabilities exploited by attackers
One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/23/maximum-severity-cisco-ise-vulnerabilities-exploited-by-attackers/
-
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
Tags: access, advisory, cisco, exploit, flaw, identity, incident response, security-incident, service, vulnerabilityCisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation.”In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild,” the company said…
-
Cisco Alerts on ISE RCE Vulnerability Actively Exploited
Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild. The flaws, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, carry the highest possible severity rating, with a CVSS base…
-
ToolShell: Details of CVEs Affecting SharePoint Servers
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/toolshell-affecting-sharepoint-servers/
-
Botnet Abuses GitHub Repositories to Spread Malware
Hackers Using Amadey Bot to Drops Payloads From Fake GitHub Accounts. Threat actors are using public GitHub repositories to host and distribute malware through the Amadey botnet in an ongoing campaign linked to a broader malware-as-a-service operation, Cisco Talos said in a report published Thursday. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/botnet-abuses-github-repositories-to-spread-malware-a-29014
-
Cisco warns of another critical RCE flaw in ISE, urges immediate patching
Tags: access, ai, api, breach, cisco, communications, credentials, endpoint, exploit, flaw, network, radius, rce, remote-code-execution, risk, update, vulnerability, wifiFaster patching is needed: Barr is concerned about the flaw in finding N-day abuse. “While it’s positive that Cisco is transparent in disclosure and swift in releasing patches, the reality is that patching these types of vulnerabilities, especially in large, distributed enterprise environments, is not instantaneous,” he said. “Restart requirements and dependencies on high-availability setups…
-
Threat Actors Exploit GitHub Accounts to Host Payloads, Tools, and Amadey Malware Plugins
Cisco Talos researchers identified a sophisticated Malware-as-a-Service (MaaS) operation in April 2025 that employed the Amadey botnet to distribute various payloads. This operation exploited fake GitHub accounts as open directories for hosting malicious payloads, tools, and Amadey plugins, aiming to evade web filtering mechanisms and simplify distribution. By leveraging GitHub’s legitimate domain, threat actors could…
-
New Cisco Bugs Rated CVSS 10.0, Patch Immediately
Cisco has issued a new security advisory warning of newly discovered vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), revealing serious security flaws that could allow remote, unauthenticated attackers to execute arbitrary code on targeted systems with root privileges. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisco-cve-2025-20337-and-ise-pic-flaws/
-
Cisco Discloses ’10’ Flaw in ISE, ISE-PIC, Patch Now
Cisco just disclosed a critical severity flaw in its ISE and ISE-PIC products, joining two similar bugs disclosed last month. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/cisco-cvss-10-flaw-ise-ise-pic-patch-now
-
Watch out, another max-severity, make-me-root Cisco bug on the loose
Tags: ciscoThree perfect 10s in the last month – ISE, ISE, baby First seen on theregister.com Jump to article: www.theregister.com/2025/07/17/critical_cisco_bug/
-
Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters
Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025.”The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use,” Cisco Talos researchers…
-
Max severity Cisco ISE bug allows pre-auth command execution, patch now
A critical vulnerability (CVE-2025-20337) in Cisco’s Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-cisco-ise-bug-allows-pre-auth-command-execution-patch-now/
-
Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity
Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges. Cisco addressed a critical vulnerability, tracked as CVE-2025-20337 (CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An attacker could trigger the vulnerability to execute arbitrary code on the…
-
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/
-
Cisco Unified Intelligence Center Flaw Lets Remote Attackers Upload Arbitrary Files
A critical security vulnerability has been discovered in Cisco’s Unified Intelligence Center that allows authenticated remote attackers to upload arbitrary files to affected systems, potentially enabling complete system compromise. The flaw, tracked as CVE-2025-20274, carries a CVSS score of 6.3 and has been assigned a High security impact rating by Cisco due to the potential…