Topic: cisco vulnerabilities
-
China-Linked Hackers Exploit Cisco Firewall Zero-Days
Cisco has released emergency patches for two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in its ASA and FTD firewall software, linked to the ArcaneDoor espionage campaign. The vulnerabilities allowed attackers, suspected to be a China-based group, to execute co...
Read More » -
Cisco Patches Critical Zero-Day Flaw Actively Under Attack
Cisco has released critical security patches for 14 vulnerabilities in its IOS and IOS XE software, including a high-severity flaw (CVE-2025-20352) that has been actively exploited as a zero-day. The vulnerability is a stack overflow in the SNMP subsystem, affecting a wide range of devices, and c...
Read More » -
Cisco Email Security Appliances Hacked via Unpatched Zero-Day
A critical zero-day vulnerability (CVE-2025-20393) in Cisco email security appliances is being exploited, allowing attackers to gain full control, particularly when a non-default Spam Quarantine feature is exposed to the internet. Attackers have installed a sophisticated toolkit for persistent, s...
Read More » -
Urgent: Patch Critical Cisco UCCX Vulnerabilities Now
Cisco has patched two critical vulnerabilities (CVE-2025-20358 and CVE-2025-20354) in its Unified Contact Center Express platform, which could allow attackers to bypass authentication and gain root-level control. CVE-2025-20358 enables unauthenticated attackers to manipulate the login process and...
Read More » -
Cisco ASA Firewalls Remain Vulnerable to Zero-Day Attacks
Approximately 48,000 Cisco ASA devices remain vulnerable to active zero-day attacks, posing ongoing risks globally, with the majority located in the U.S. and other key countries. Attackers have used advanced tactics, including disabling logging and intercepting commands, to exploit vulnerabilitie...
Read More » -
Urgent: 50,000 Cisco Firewalls at Risk From Active Attacks
Attackers are actively exploiting critical vulnerabilities CVE-2025-20333 and CVE-2025-20362 in around 50,000 Cisco ASA and FTD devices, enabling unauthorized remote code execution and access without authentication. Over 48,800 internet-facing devices remain unpatched, primarily in the U.S., with...
Read More » -
US Agencies Still Vulnerable to Critical Cisco Flaws
CISA issued an emergency directive for U.S. federal agencies to patch two actively exploited Cisco vulnerabilities (CVE-2025-20333 and CVE-2025-20362), as many devices were incorrectly reported as secure. These vulnerabilities enable remote code execution and privilege escalation, and are linked ...
Read More » -
CISA Mandates Urgent Patching for Actively Exploited Cisco Zero-Day Flaws
CISA has issued an emergency directive requiring U.S. federal agencies to immediately address two actively exploited critical vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco ASA and FTD firewalls, which allow unauthenticated remote code execution. Agencies must inventory all affected...
Read More » -
Major Firewall Vendors Hit in Coordinated Cyberattack
A coordinated cyberattack is targeting Cisco, Palo Alto Networks, and Fortinet devices, with all exploitation campaigns originating from identical subnets, indicating a unified threat actor. The attacks began in early September, exploiting zero-day vulnerabilities in Cisco devices and causing a 5...
Read More »