Tag

Network Security

All articles tagged with #network security

Cisco Patches Critical ISE Security Flaw Following Public Exploit

Originally Published 3 days ago — by The Hacker News

Cisco has released patches for a medium-severity security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) following the public release of a proof-of-concept exploit, which could allow attackers with administrative credentials to access sensitive information. The vulnerability affects multiple Cisco versions, and users are urged to update to the latest releases as no workarounds are available. Additionally, fixes have been provided for two other medium-severity bugs impacting Cisco products like Cisco Secure Firewall and Cisco IOS XE.

RondoDox Botnet Exploits React2Shell Flaw to Hijack IoT Devices and Servers

Originally Published 10 days ago — by The Hacker News

Cybersecurity researchers have uncovered a nine-month campaign in which the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants. The threat was still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.

WatchGuard Fireware OS VPN and Firewall Vulnerabilities Under Active Exploitation

Originally Published 23 days ago — by The Hacker News

WatchGuard has issued patches for a critical VPN security flaw in Fireware OS (CVE-2025-14733) that is actively being exploited in the wild, affecting multiple versions and configurations. Threat actors are targeting affected devices, with indicators of compromise provided. Users are urged to update their systems immediately and follow mitigation steps to prevent exploitation.

Cisco Issues Urgent Fix for Critical IOS Zero-Day Exploits

Originally Published 3 months ago — by The Hacker News

Cisco has issued a warning about a high-severity, actively exploited vulnerability in IOS and IOS XE Software (CVE-2025-20352) that affects SNMP protocols, allowing remote attackers with certain credentials to execute arbitrary code or cause a denial-of-service. The flaw, rooted in a stack overflow, has been patched in Cisco IOS XE Software Release 17.15.4a; mitigation involves restricting SNMP access to trusted users and monitoring SNMP activity.

SonicWall Urges Password Resets Following Cloud Backup Breach

Originally Published 3 months ago — by The Hacker News

SonicWall has urged customers to reset passwords after a security breach exposed encrypted firewall configuration backup files for less than 5% of its customers, potentially aiding attackers in exploiting firewalls. The breach involved brute-force attacks on cloud backups, with no evidence of files being leaked online. SonicWall recommends verifying backup status, resetting passwords and TOTP, and importing new preferences. The incident coincides with ongoing attacks by the Akira ransomware group exploiting SonicWall vulnerabilities to gain network access and disable security defenses.

Russian State Cyber Actors Exploit Legacy Network Vulnerabilities for Espionage

Originally Published 4 months ago — by Internet Crime Complaint Center (IC3) (.gov)

The FBI warns that Russian FSB cyber actors are exploiting vulnerabilities in networking devices, particularly targeting critical infrastructure in the US and globally, and using tools like SNMP and SMI to conduct reconnaissance and gain unauthorized access. The warning comes with ongoing guidance for mitigation and for reporting suspected intrusions.

Monero Survives 51% Attack Despite Hashrate Concerns

Originally Published 4 months ago — by AMBCrypto

Monero (XMR) experienced a 51% attack impacting its network integrity, yet its price rose by $11 in 24 hours, reaching $266 amid increased trading volume. The attack raised concerns over decentralization and stability, but XMR's price showed signs of a bullish breakout despite potential risks of a pullback. The incident highlights ongoing security challenges in the crypto space.

New DDoS Flaws Enable Attackers to Turn Domain Controllers into Botnets

Originally Published 5 months ago — by The Hacker News

Researchers have discovered a new technique called Win-DDoS that exploits flaws in Windows LDAP and RPC protocols to turn public domain controllers into a powerful botnet for DDoS attacks, without requiring code execution or credentials. They also identified multiple related DoS vulnerabilities that can be exploited remotely or internally, challenging assumptions about internal system safety.

Critical Cisco Vulnerability in Unified CM Exposes Root Access and Urges Phone Replacement

Originally Published 6 months ago — by The Hacker News

Cisco has issued security updates for a critical vulnerability (CVE-2025-20309) in Unified Communications Manager that allows attackers to gain root access using static credentials, potentially leading to severe network compromise. The flaw affects multiple versions and was discovered during internal testing, with no evidence of active exploitation yet.

Critical Palo Alto Firewall Vulnerabilities Actively Exploited

Originally Published 1 year ago — by The Hacker News

Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall management interface, which is being actively exploited to deploy web shells for persistent remote access. The flaw, with a CVSS score of 9.3, allows unauthenticated remote command execution and requires no user interaction. While patches are not yet available, users are urged to secure their management interfaces. The vulnerability is distinct from other recent critical flaws in Palo Alto Networks products, and there is no evidence linking the activities.

CISA and Palo Alto Networks Alert on Active Exploitation of Firewall Vulnerabilities

Originally Published 1 year ago — by The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two critical vulnerabilities in Palo Alto Networks' Expedition software, which are being actively exploited. These flaws, CVE-2024-9463 and CVE-2024-9465, could allow attackers to execute arbitrary OS commands or access sensitive data. Federal agencies are required to update their systems by December 5, 2024. Palo Alto Networks has released patches and is investigating a new remote command execution vulnerability affecting some firewall interfaces.

Global Networks Under Siege: Massive Brute-Force and Zero-Day Attacks Unleashed

Originally Published 1 year ago — by Ars Technica

Cisco's Talos security team has issued a warning about a widespread credential compromise campaign targeting VPNs, SSH, and web applications, with attacks originating from nearly 4,000 IP addresses. The attacks involve both generic and specific usernames, and the IP addresses appear to come from anonymizing tunnels and proxies. The campaign is indiscriminate and opportunistic, posing risks of unauthorized network access, account lockouts, and denial-of-service conditions. Cisco has provided a list of recommendations for preventing these attacks and has added the IP addresses to a block list for its VPN offerings.