Tag: cisco
-
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild.The zero-day vulnerabilities in question are listed below -CVE-2025-20333 (CVSS score: 9.9) – An improper validation…
-
CISA orders feds to patch Cisco flaws used to hack multiple agencies
One U.S. official called the ongoing cyberattack campaign hitting federal agencies and businesses “very sophisticated.” First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-emergency-directive-cisco-vulnerabilities-arcanedoor/761150/
-
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-cisco-flaws-exploited-in-zero-day-attacks/
-
Cisco warns of ASA firewall zero-days exploited in attacks
Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company’s firewall software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-asa-firewall-zero-days-exploited-in-attacks/
-
As many as 2 million Cisco devices affected by actively exploited 0-day
Search shows 2 million vulnerable Cisco SNMP interfaces exposed to the Internet. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/as-many-as-2-million-cisco-devices-affected-by-actively-exploited-0-day/
-
Evolved PXA Stealer wraps PureRAT in multi-layer obfuscation
Telegram and the Vietnamese infrastructure led to attribution: Metadata within exfiltrated ZIP archives pointed to @LoneNone, a Telegram handle previously associated with PXA Stealer. That same alias had appeared in earlier Cisco and SentinelOne reporting, and Validin also tied PureRAT infrastructure to Vietnamese actors, researchers noted.James Northey, SOC analyst and lead author of the report,…
-
Cisco uncovers new SNMP vulnerability used in attacks on IOS devices
Cisco Systems has issued security updates to address a critical vulnerability in its widely deployed IOS and IOS XE network operating systems, after confirming the flaw is being exploited in active attacks. Designated CVE-2025-20352, the vulnerability resides in the Simple Network Management Protocol (SNMP) subsystem of Cisco’s core network software. According to Cisco, the weakness…
-
As many as 2 million Cisco devices affected by actively exploited 0-day
Search shows 2 million vulnerable Cisco SNMP interfaces exposed to the Internet. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/as-many-as-2-million-cisco-devices-affected-by-actively-exploited-0-day/
-
Cisco Confirms Critical CVE-2025-20352 Zero-Day RCE Vulnerability Under Active Exploitation
Tags: attack, cisco, cve, exploit, flaw, incident response, rce, remote-code-execution, security-incident, software, vulnerability, zero-dayCisco has publicly disclosed a critical remote code execution (RCE) vulnerability, tracked as CVE-2025-20352, affecting its widely deployed Cisco IOS and IOS XE software platforms. According to Cisco’s Product Security Incident Response Team (PSIRT), the flaw is being actively exploited in the wild, with confirmed attacks leveraging compromised administrator credentials. First seen on thecyberexpress.com Jump…
-
Zero-day deja vu as another Cisco IOS bug comes under attack
The latest in a run of serious networking bugs gives attackers root if they have SNMP access First seen on theregister.com Jump to article: www.theregister.com/2025/09/25/zeroday_deja_vu_another_cisco/
-
Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)
Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/25/cisco-ios-xe-cve-2025-20352/
-
Cisco IOS/XE Schwachstelle CVE-2025-20352
Cisco hat zum 24. September 2025 eine Sicherheitswarnung veröffentlicht, die sich auf Cisco IOS und IOS XE bezieht. Im Simple Network Management Protocol (SNMP) Subsystem der genannten Produkte gibt es eine Denial of Service and Remote Code Execution Schwachstelle CVE-2025-20352, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/25/cisco-ios-xe-schwachstelle-cve-2025-20352/
-
Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software
Cisco addressed a high-severity zero-day in Cisco IOS and IOS XE Software that is being actively exploited in attacks in the wild. Cisco fixed an actively exploited zero-day, tracked as CVE-2025-20352, impacting Cisco IOS and IOS XE Software. The high-severity vulnerability resides in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and…
-
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Tags: cisco, credentials, cve, dos, exploit, flaw, rce, remote-code-execution, service, software, vulnerabilityCisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after…
-
Cisco IOS 0-Day RCE Vulnerability Actively Targeted
Cisco has disclosed a critical zero-day vulnerability in its IOS and IOS XE software that is being actively exploited by threat actors in real-world attacks. The flaw, tracked as CVE-2025-20352, affects the Simple Network Management Protocol (SNMP) subsystem and allows both denial-of-service attacks and remote code execution depending on the attacker’s privilege level. Critical SNMP Stack…
-
Cisco IOS 0-Day RCE Vulnerability Actively Targeted
Cisco has disclosed a critical zero-day vulnerability in its IOS and IOS XE software that is being actively exploited by threat actors in real-world attacks. The flaw, tracked as CVE-2025-20352, affects the Simple Network Management Protocol (SNMP) subsystem and allows both denial-of-service attacks and remote code execution depending on the attacker’s privilege level. Critical SNMP Stack…
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
What happens when you engage Cisco Talos Incident Response?
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with? First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/what-happens-when-you-engage-talos-ir/
-
RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders
Cisco Talos has uncovered a sophisticated, long-running campaign active since 2022 that leverages DLL search order hijacking to deliver a novel PlugX variant with overlapping characteristics of the RainyDay and Turian backdoors. This operation, targeting telecommunications and manufacturing organizations across Central and South Asia, demonstrates a remarkable convergence of malware functionality and shared infrastructure that…
-
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
The post Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/cisco-uncovers-new-plugx-backdoor-linked-to-chinese-apts/
-
Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content
Leveraging a native IIS module named BadIIS, attackers manipulated search engine crawler traffic to poison search results and redirect legitimate users to scam or adult-oriented websites. Infrastructure overlaps link this activity to ESET’s “Group 9” cluster and share functional similarities with Cisco Talos’s “DragonRank” campaign. In March 2025, Unit 42 researchers uncovered an advanced SEO…
-
Alex Ryan: From zero chill to quiet confidence
Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/alex-ryan-from-zero-chill-to-quiet-confidence/
-
Alex Ryan: From zero chill to quiet confidence
Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/alex-ryan-from-zero-chill-to-quiet-confidence/
-
Where CISOs need to see Splunk go next
Tags: ai, api, automation, cisco, ciso, cloud, communications, compliance, conference, crowdstrike, cybersecurity, data, data-breach, detection, finance, framework, google, incident response, intelligence, jobs, metric, microsoft, open-source, RedTeam, resilience, risk, router, siem, soar, strategy, tactics, threat, tool, vulnerabilityResilience resides at the confluence of security and observability: There was also a clear message around resilience, the ability to maintain availability and recover quickly from any IT or security event.From a Cisco/Splunk perspective, this means a more tightly coupled relationship between security and observability.I’m reminded of a chat I had with the chief risk…
-
Why a Cisco Talos Incident Response Retainer is a game-changer
With a Cisco Talos IR retainer, your organization can stay resilient and ahead of tomorrow’s threats. Here’s how. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/why-a-cisco-talos-incident-response-retainer-is-a-game-changer/
-
Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS
Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions. Cisco addressed multiple vulnerabilities in IOS XR software as part of its semiannual Software Security Advisory Bundled Publication published on September 10, 2025. Below are the vulnerabilities addressed by the network giant: The following table identifies Cisco…