Security News

A previously unknown vulnerability affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco IOS XE software, which is installed on various Cisco controllers, switches, edge, branch and virtual routers.

Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers. "Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface feature of Cisco IOS XE software when exposed to the internet or untrusted networks," the company revealed today.

Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks. The first zero-day is a privilege escalation vulnerability caused by a weakness in the XNU kernel that can let local attackers elevate privileges on vulnerable iPhones and iPads.

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of...

Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability exploited in the wild. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6," the company stated.

Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel...

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka...

Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on...

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild."An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker," Cisco explained in a security advisory published on Wednesday.

57% of all monitored apps are under attack, with gaming and FinServ apps facing the highest risk, according to Digital. The study found no correlation between an app's popularity and likelihood of being attacked but found Android apps are more likely to be put in unsafe environments than iOS apps.