ALL POSTS
Cisco Patches Critical Vulnerabilities in Identity Services Engine and Webex Platforms
Key Findings
* Cisco patched four critical vulnerabilities in Identity Services Engine and Webex with CVSS scores ranging from 9.8 to 9.9
* CVE-2026-20184 allows unauthenticated attackers to impersonate any Webex user through improper certificate validation
* CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186 enable authenticated attackers with admin credentials to execute arbitrary code and OS commands
* No evidence of active exploitation in the wild, but immediate patching is stron
10 hours ago · 2 min read
ShinyHunters Claims Theft of 3M+ Cisco Records in Latest Breach Threat
Key Findings
* ShinyHunters has issued a final warning to Cisco with an April 3, 2026 deadline before publicly leaking over 3 million alleged stolen records
* The group claims access through three separate breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts
* Stolen data includes personally identifiable information, GitHub repositories, AWS storage buckets, and internal corporate data
* Screenshots provided by the group show access to AWS organizational dashboards an
Apr 2 · 2 min read
Interlock Ransomware Group Exploits Cisco FMC Zero-Day Vulnerability 36 Days Before Disclosure
Key Findings
* Interlock ransomware group exploited CVE-2026-20131 in Cisco FMC 36 days before public disclosure
* Zero-day vulnerability allows unauthenticated remote code execution with root privileges
* Amazon Threat Intelligence discovered exploitation using global honeypot network
* Attackers used sophisticated multi-stage attack with custom tools and evasion techniques
* Targeted sectors include education, healthcare, industry, and government
Background
The Interlock ra
Mar 19 · 2 min read
Cisco SD-WAN Zero-Day Exploited Since 2023 for Admin Access
Key Findings: A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023 to gain remote, unauthenticated administrative access. The vulnerability allows an attacker to bypass authentication and gain full administrative access to affected Cisco Catalyst SD-WAN Controller and Manager systems. Exploited environments include on-premises, Cisco Hosted SD-WAN Cloud, and FedRAMP Cisco Hosted SD-WAN Cloud deployments.
Feb 26 · 2 min read
Cisco Patches Critical Vulnerabilities in Meeting Software
Key Findings
* Cisco has released urgent updates to address critical vulnerabilities in Cisco Meeting Management and Cisco TelePresence Collaboration Endpoint (CE) Software
* The vulnerabilities could allow attackers to seize control of meeting management systems or crash communication endpoints
* The most severe flaw, CVE-2026-20098, carries a high CVSS score of 8.8 and allows remote attackers to execute arbitrary commands with root privileges
Background
Cisco Meeting Management i
Feb 5 · 1 min read
Cisco Fixes Actively Exploited Zero-Day in Unified Communications
Key Findings Cisco patched a critical zero-day remote code execution (RCE) flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), that is actively being exploited in attacks. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The bug affects Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. Cisco is aware of attempted exploitat
Jan 22 · 1 min read
Cisco Patches ISE Security Vulnerability After Exploit Release
Key Findings: Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. The vulnerability is due to improper parsing of XML that is processed by the web-based management
Jan 8 · 2 min read
Amazon Ties Cisco, Citrix Zero-Day Exploits to APT Group
Key Findings Amazon's threat intelligence team observed an advanced persistent threat group exploiting zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products before the vendors disclosed and patched the issues. The attacks leveraged the following vulnerabilities: CVE-2025-5777 (CVSS score: 9.3) - An insufficient input validation vulnerability in Citrix NetScaler ADC and Gateway that could be exploited to bypass authentication. (Fixed
Nov 12, 2025 · 2 min read
