Tag: cisco
-
Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks
Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security Features (SISF) of multiple software platforms that could allow unauthenticated attackers to cause denial of service (DoS) conditions. The vulnerability stems from incorrect handling of DHCPv6 packets and affects Cisco IOS Software, IOS XE Software, NX-OS Software, and Wireless LAN Controller…
-
Cisco fixed a critical flaw in its IOS XE Wireless Controller
Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files. Cisco released software updates to address a vulnerability, tracked as CVE-2025-20188 (CVSS score 10), in IOS XE Wireless Controller. An unauthenticated, remote attacker can exploit the flaw to load arbitrary files to a vulnerable system.…
-
Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges
Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple privilege escalation vulnerabilities in its widely used IOS XE Software. The flaws could allow attackers with existing high-level device access to gain root privileges, jeopardizing the security of enterprise networks worldwide. What Is the Vulnerability? Cisco’s advisory, part of its May…
-
CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw
Cisco has rolled out software patches to address a severe security vulnerability, tracked as CVE-2025-20188, in its IOS XE Wireless Controller software. The flaw, which has been assigned the highest possible CVSS score of 10.0, could allow unauthenticated remote attackers to gain full root access on affected systems. First seen on thecyberexpress.com Jump to article:…
-
Cisco’s new chip wants to scale quantum computing faster
Cisco is making significant strides in quantum computing by focusing on quantum networking, aiming to bring practical applications closer to reality. The company recently … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/08/cisco-quantum-network-entanglement-chip/
-
Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots
Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its widely used IOS, IOS XE, and IOS XR software. The flaw, tracked as CVE-2025-20154, allows unauthenticated attackers to trigger denial-of-service (DoS) conditions by forcing devices to reboot remotely. Vulnerability Overview The weakness stems from improper handling ofTwo-Way Active Measurement Protocol (TWAMP)control…
-
Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control
A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), potentially allowing unauthenticated remote attackers to gain full control of affected devices. The vulnerability, tracked as CVE-2025-20188, lets attackers upload arbitrary files and execute commands with root privileges, posing a severe threat to enterprise wireless networks worldwide. Vulnerability Summary The vulnerability…
-
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system.The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system.”This vulnerability is due to the presence of a hard-coded JSON…
-
Global cybersecurity readiness remains critically low
Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/08/cybersecurity-readiness-level-across-organizations/
-
Stealth Is the Strategy: Rethinking Infrastructure Defense
Tags: access, ai, attack, breach, cisco, cloud, cybersecurity, data, defense, edr, endpoint, espionage, exploit, finance, firewall, gartner, google, group, infrastructure, injection, ivanti, malicious, monitoring, network, resilience, risk, strategy, technology, threat, tool, vpn, vulnerability, zero-day, zero-trust -
Top cybersecurity products showcased at RSA 2025
Tags: access, ai, attack, automation, awareness, breach, cisco, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, edr, email, firewall, fortinet, framework, identity, incident response, infrastructure, injection, intelligence, login, malicious, open-source, phishing, risk, siem, soc, threat, tool, training, update, vulnerability, zero-trustCisco: Foundational AI Security Model: Cisco introduced its Foundation AI Security Model, an open-source framework designed to standardize safety protocols across AI models and applications. This initiative aims to address the growing concerns around AI security and ensure Safer AI deployments. Cisco also unveiled new agentic AI features in its XDR and Splunk platforms, along…
-
‘SOC der Zukunft” – Mehr KI, mehr Automatisierung: Cisco erweitert Security-Portfolio
First seen on security-insider.de Jump to article: www.security-insider.de/mehr-ki-mehr-automatisierung-cisco-erweitert-security-portfolio-a-f1c9c34f88c052ff7a31dbb92c516267/
-
Cisco Boosts XDR Platform, Splunk With Agentic AI
Cisco joins the agentic AI wave with the introduction of advanced LLMs to autonomously verify and investigate attacks. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/cisco-boosts-xdr-platform-splunk-agentic-ai
-
The 14 most valuable cybersecurity certifications
Tags: access, ai, application-security, attack, automation, best-practice, blockchain, blueteam, china, cisa, cisco, ciso, cloud, compliance, computer, computing, conference, control, country, credentials, cryptography, cyber, cybersecurity, data, defense, encryption, endpoint, exploit, finance, governance, government, guide, hacker, hacking, incident response, intelligence, Internet, jobs, kali, law, linux, malware, metric, microsoft, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-analysis, risk-management, skills, threat, training, vulnerability, windowsIndustry recognition Who’s to say one certification is more respected than another? Such criteria can be very subjective, so we turned to the most direct and unbiased source to cut through the ambiguity: job listings. In addition to education, skills, and qualifications, employers often specify certs they seek in their ideal candidate. These mentions carry…
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerabilityTargeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France.Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries.Nothing APT28 does stands out as…
-
RSAC 2025 Keynote: Cisco open-sources AI security tools
First seen on scworld.com Jump to article: www.scworld.com/news/rsac-2025-keynote-cisco-open-sources-ai-security-tools
-
Cisco Advances Security Innovations for the AI Era, Expands Partnership with ServiceNow
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-advances-security-innovations-for-the-ai-era-expands-partnership-with-servicenow
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-daySurge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
-
Cisco AI Defense embeds with ServiceNow SecOps tools
Cisco AI Defense will feed in data and automate AI governance in ServiceNow SecOps products as enterprises seek a platform approach to cybersecurity. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366623232/Cisco-AI-Defense-embeds-with-ServiceNow-SecOps-tools
-
Cisco, former Google, Meta experts train cybersecurity LLM
Cisco’s new Foundation AI group, which includes engineers from multiple companies, has released a compact AI reasoning model based on Llama 3 for cybersecurity to open source. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366623089/Cisco-Google-Meta-collab-trains-cybersecurity-LLM
-
Cisco Unveils Open Source AI Reasoning Model for Cybersecurity Use Cases
Cisco today at the 2025 RSA Conference revealed it is making available an open-source generative artificial intelligence (AI) reasoning model specifically designed to automate cybersecurity analytics and workflows, along with a set of controls for securing AI artifacts in software supply chains. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/cisco-unveils-open-source-ai-reasoning-model-for-cybersecurity-use-cases/
-
ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools
Tags: access, attack, breach, cisco, cyber, cybersecurity, exploit, hacker, infrastructure, Internet, threat, tool, vulnerabilityIn a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure enterprise fell victim to a meticulously orchestrated attack involving multiple threat actors. The initial access broker, identified as >>ToyMaker
-
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
Tags: advisory, cisco, cloud, cyber, flaw, infrastructure, network, remote-code-execution, risk, tool, vulnerabilityCisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP’s SSH server. The flaw, tracked as CVE-2025-32433, allows unauthenticated attackers to execute arbitrary code on vulnerable devices, posing systemic risks to enterprise networks, cloud infrastructure, and telecom systems. Vulnerability Overview The flaw stems from improper handling…
-
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerabilityCheck out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
-
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the United States for financial theft since mid-October 2024.”The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by ‘Wang Duo Yu,’” Cisco Talos researchers Azim…
-
Cisco Webex bug lets hackers gain code execution via meeting links
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/
-
XorDDoS Malware Upgrade Enables Creation of Advanced DDoS Botnets
Cisco Talos has uncovered significant advancements in the XorDDoS malware ecosystem, revealing a multi-layered infrastructure enabling sophisticated distributed denial-of-service (DDoS) attacks through a new >>VIP version
-
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States.”From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence,” Cisco Talos researcher Joey Chen said in a Thursday analysis. First…
-
Will politicization of security clearances make US cybersecurity firms radioactive?
Tags: access, business, ceo, cisa, cisco, ciso, credentials, crowdstrike, cybersecurity, disinformation, election, government, infrastructure, intelligence, law, microsoft, network, office, risk, spyware, strategy, threatWhat brought this on: This is mostly a reaction to a White House order on Wednesday that tied security clearances to supporting political concepts. The order chastised Chris Krebs, the former head of Trump’s Cybersecurity and Infrastructure Security Agency (CISA). “Krebs’ misconduct involved the censorship of disfavored speech implicating the 2020 election and COVID-19 pandemic. CISA, under…