Security News

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices
2025-02-27 09:20

A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity...

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
2025-02-21 07:38

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login...

Chinese hackers breach more US telecoms via unpatched Cisco routers
2025-02-14 12:56

China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. [...]

More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
2025-02-13 18:34

Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks China's Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven...

Critical Cisco ISE bug can let attackers run commands as root
2025-02-06 16:40

Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...]

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
2025-02-06 07:40

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on...

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
2025-01-23 21:00

No in-the-wild exploits … yet Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges...

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
2025-01-23 12:57

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered,...

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
2025-01-23 06:21

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on...

Cisco warns of denial of service flaw with PoC exploit code
2025-01-22 18:47

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. [...]