Tag: cisco
-
Beware: Weaponized AI Tool Installers Infect Devices with Ransomware
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly identified destructive malware dubbed “Numero,” exploit the growing popularity of AI solutions in sectors like B2B sales, technology, and…
-
Critical Cisco IOS XE Flaw Permits Arbitrary File Upload, PoC Released
A critical security vulnerability, tracked as CVE-2025-20188, has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), threatening enterprise wireless infrastructures worldwide. This flaw, scoring a maximum 10.0 on the CVSS scale, allows unauthenticated remote attackers to upload arbitrary files and potentially execute commands as root, granting full control over affected devices. The vulnerability…
-
Thousands of ASUS routers compromised in sophisticated hacking campaign
Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/thousands-asus-routers-compromised-hacking/749259/
-
Fake ChatGPT and InVideo AI Downloads Deliver Ransomware
Cisco Talos uncovers CyberLock ransomware, Lucky_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn… First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-invideo-ai-downloads-deliver-ransomware/
-
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Tags: ai, chatgpt, cisco, cybercrime, intelligence, malware, openai, powershell, ransomware, threat, tool
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. “CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim’s system,” Cisco Talos researcher Chetan…
-
Major Cisco study: There are fewer cyberattacks, but they cause more damage
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-studie-cyberangriffe-moderne-technologien-a-1957f42efba329b830d97adc81b5e44d/
-
Cybercriminals camouflaging threats as AI tool installers
Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/fake-ai-tool-installers/
-
Cisco launches new identity access management products, services
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-launches-new-identity-access-management-products-services
-
Cisco warns of FinTech cyber gaps in Saudi Arabia
First seen on scworld.com Jump to article: www.scworld.com/brief/cisco-warns-of-fintech-cyber-gaps-in-saudi-arabia
-
Cisco Duo Expands Beyond MFA, Launches Security-First Identity and Access Management Platform
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-duo-expands-beyond-mfa-launches-security-first-identity-and-access-management-platform
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/
-
‘Secure email’: A losing battle CISOs must give up
End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
-
Proficio and Cisco Join Forces to Deliver Managed XDR for Round-the-Clock Threat Detection
First seen on scworld.com Jump to article: www.scworld.com/news/proficio-and-cisco-join-forces-to-deliver-managed-xdr-for-round-the-clock-threat-detection
-
Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments
Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-cityworks-local/
-
Cisco Unveils JARVIS: AI Assistant Transforming Platform Engineering
Discover JARVIS, Cisco’s AI assistant that streamlines platform engineering workflows and enhances AI security with ServiceNow. Learn more now! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/cisco-unveils-jarvis-ai-assistant-transforming-platform-engineering/
-
Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments
Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from… First seen on hackread.com Jump to article: hackread.com/chinese-hackers-exploit-cityworks-0day-us-local-agencies/
-
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into…
-
Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell. Cisco Talos researchers attribute the exploitation of the CVE-2025-0994 in Trimble Cityworks to Chinese-speaking threat actor UAT-6382, based on tools and TTPs used in the intrusions. The vulnerability CVE-2025-0994 (CVSS v4 score of 8.6) is a…
-
Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware
Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in Cityworks, a widely used asset management system. This critical flaw has been leveraged by a group tracked as UAT-6382, assessed with high confidence to be Chinese-speaking threat actors, to target enterprise networks of local governing bodies in the United States…
-
Cisco Webex Meetings Vulnerability Enables HTTP Response Manipulation
Security researchers have uncovered a vulnerability in Cisco Webex Meetings that could allow remote attackers to manipulate HTTP responses without authentication. The cloud-based vulnerability affects the client join services component of the popular videoconferencing platform. Cisco has already addressed the issue, with no user action required for remediation. The vulnerability, reported by security researcher Matthew…
-
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Tags: access, china, cisco, cve, exploit, flaw, government, hacker, malware, network, remote-code-execution, threat, vulnerability
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers First seen on thehackernews.com Jump…
-
Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation
Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated remote attackers to escalate privileges. The more severe flaw, tracked as CVE-2025-20113, received a CVSS score of 7.1 (High), while the secondary vulnerability, CVE-2025-20114, was rated at 4.3 (Medium). These vulnerabilities affect all configurations of Cisco Unified Intelligence Center, including…
-
Cisco Identity Services RADIUS Vulnerability Allows Attackers to Trigger Denial of Service Condition
Cisco has disclosed a significant security vulnerability in its Identity Services Engine (ISE) that could enable unauthenticated remote attackers to cause denial of service conditions by exploiting flaws in the RADIUS message processing feature. The vulnerability, which was discovered during Cisco’s internal security testing, allows attackers to force affected devices to reload by sending specially…
-
Cybercriminals Could Leverage Google Cloud Platform for Malicious Activities
Research by Tenable and Cisco Talos has shed light on a critical vulnerability in Google Cloud Platform’s (GCP) Cloud Functions and Cloud Build services, revealing a potential attack vector for cybercriminals. According to Tenable, the default Cloud Build Service Account (SA) previously granted excessive permissions during the deployment of Cloud Functions, a serverless compute…
-
Cisco Hires Former Google Cloud Exec As New Security GM
Cisco has hired former Google Cloud executive Peter Bailey as the new senior vice president and general manager of its security business, executives disclosed Tuesday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisco-hires-former-google-cloud-exec-as-new-security-gm
-
8 AI security risks that companies overlook
Tags: access, ai, api, application-security, authentication, cisco, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, framework, governance, hacker, injection, LLM, RedTeam, risk, risk-management, security-incident, software, threat, tool, vulnerability
In their race for productivity gains through generative AI, most companies overlook the associated security risks. According to a study by the World Economic Forum, conducted in collaboration with Accenture, 63 percent of companies fail to check the security of AI tools before deploying them. In doing so, they take on a range of risks for their business. This applies both…
-
Duping Cloud Functions: An emerging serverless attack vector
Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/duping-cloud-functions-an-emerging-serverless-attack-vector/
-
Proofpoint buying Hornetsecurity in a play to expand email security scope
One of many big purchases in the industry: While the terms are confidential, sources have reported the price of the Hornetsecurity purchase, which is expected to close in the second half of 2025, to be well over $1 billion. This would make it Proofpoint’s largest acquisition, and also one of the biggest cybersecurity deals in…
-
Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats
Cisco Talos, in collaboration with The Vertex Project, has introduced an innovative approach to tackle the rising complexity of compartmentalized cyber threats. As modern cyberattacks increasingly involve multiple threat actors executing distinct stages of an attack kill chain (such as initial access, exploitation, and ransomware deployment), traditional threat modeling frameworks like the Diamond Model have struggled to…

