Cisco News Articles

CVE-2025-20337: Actionable Report for SOC Teams

Review attack flow, detection code, and simulation test for CVE-2025-20337 vulnerability.

3 weeks ago

"Patched" but still exposed: US federal agencies must remediate Cisco flaws (again) - Help Net Security

CISA has ordered US federal agencies to fully address CVE-2025-20333 and CVE-2025-20362 in Cisco ASA and Firepower devices.

3 weeks ago

CISA warns feds to fully patch actively exploited Cisco flaws

CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

3 weeks ago

APT Exploits Cisco and Citrix Zero-Day Vulnerabilities - TechNadu

Amazon has discovered an APT exploiting zero-days in Cisco ISE (CVE-2025-20337) and Citrix systems (CVE-2025-5777) with custom malware.

3 weeks ago

Active Campaign Uses Cisco and Citrix 0-Days to Deploy Persistent Webshells

Amazon's threat intelligence team has uncovered a coordinated cyber campaign targeting Cisco Identity Service Engine (ISE) and Citrix systems

3 weeks ago

Amazon pins Cisco, Citrix zero-day attacks to APT group

The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain prolonged access for espionage, according to Amazon.

4 weeks ago

Citrix and Cisco attacks discovered via Amazon honeypot

Hackers exploited critical Citrix and Cisco vulnerabilities as zero-days. Amazon discovered the attacks via MadPot honeypot before patches were available.

4 weeks ago

Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks

An advanced threat actor exploited the critical vulnerabilities

4 weeks ago

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops.

1 month ago

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Cisco warned this week that two vulnerabilities, which have been used in zero-day attacks, are now being exploited to force ASA and FTD firewalls into reboot loops. The tech giant released security updates on...

1 month ago

Cisco Alerts on Firewall Attacks Exploiting CVE-2025-20333, CVE-2025-20362

Cisco recently confirmed the emergence of new attack vectors aimed at its Secure Firewall products. These vulnerabilities primarily affect devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. Specifically, these exp...

Cisco Addresses Critical Vulnerabilities in ASA and Unified Contact Center Express

Cisco announces patches for critical vulnerabilities in ASA and Unified Contact Center Express. Urgent updates to prevent cyberattacks.

Cisco Addresses Critical Vulnerabilities in ASA and Unified Contact Center Express

Cisco announces patches for critical vulnerabilities in ASA and Unified Contact Center Express. Urgent updates to prevent cyberattacks.

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

Cisco warns of a new attack variant exploiting CVE-2025-20333 and CVE-2025-20362 in Secure Firewall ASA and FTD devices.

Cisco Confirms Active Exploitation of Secure ASA and FTD RCE Vulnerability

Cisco has issued a warning about a severe remote code execution vulnerability affecting its Secure Firewall, Adaptive Security Appliance.

Hackers targeting Cisco IOS XE devices with BadCandy implant

Security researchers and Australian authorities warn that exploitation activity is ongoing.

ASD Alerts: BADCANDY Attacks Exploit Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has raised alarms about a series of cyber attacks leveraging the BADCANDY implant. This malicious software exploits a critical vulnerability in Cisco IOS XE devices, identified as CVE-2023-20198. Overview of the Cisco IOS XE Vulnerability CVE-2023-20198 has a...

Australia Alert: BadCandy Threat Targets Unpatched Cisco Devices

In recent weeks, the Australian government has issued a critical warning regarding cyberattacks targeting unpatched Cisco IOS XE devices. These attacks aim to exploit a vulnerability designated as CVE-2023-20198, which has been associated with the BadCandy webshell. Overview of the CVE-2023-20198 Vu...

Malware Creators Monitor Your Attempts to Erase Their Code

Recent cybersecurity developments have heightened concerns about the resilience of malicious software. Specifically, a new implant named “BADCANDY” has been detected on unpatched Cisco IOS XE devices. This implant allows attackers to monitor efforts to erase their code and reintroduce their malware....

Aussie cyber agency warns of state and criminal actors abusing BADCANDY implant

The ASD’s Australian Cyber Security Centre says there are more than 150 compromised Cisco IOS XE devices embedded in Australian organisations.

Aussie cyber agency warns of state and criminal actors abusing BADCANDY implant

The ASD’s Australian Cyber Security Centre says there are more than 150 compromised Cisco IOS XE devices embedded in Australian organisations.

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

Australia warns of attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell install.

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

ASD confirms BADCANDY malware re-infecting patched Cisco IOS XE devices through CVE-2023-20198 flaw.

Attackers Exploit Cisco IOS XE Vulnerability to Deploy BADCANDY Web Shell

Cybersecurity authorities are warning of ongoing exploitation campaigns targeting Cisco IOS XE devices through a critical vulnerability.

Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY

Cybersecurity authorities are raising urgent alarms as threat actors continue to exploit a critical vulnerability in Cisco IOS XE devices.

Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell

Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthorized access.

Hundreds Of Australian Devices Compromised With BadCandy Implant - The Cyber Express

Australian cyber agency has issued a critical advisory warning that over 150 devices in Australia remain compromised with the BadCandy implant as of late

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) - Help Net Security

Hackers exploited a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices.

Hackers exploit Cisco SNMP flaw to deploy rootkit on switches

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access.

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in "Zero Disco' Attacks

Operation Zero Disco exploits Cisco IOS flaw CVE-2025-20352 to deploy persistent Linux rootkits

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.

Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws

Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.

Cisco's Wave of Zero-Day Bugs Targets Firewalls, IOS

Patch now: Cisco recently disclosed four zero-days, including three targeted by a nation-state actor previously behind the "ArcaneDoor" campaign.

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Cisco ASA zero-days CVE-2025-20333 and 20362 exploited; CISA issues ED 25-03 for urgent patching.

Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software

Cisco fixes CVE-2025-20352 SNMP flaw exploited in the wild, risking remote code execution or DoS.

Second Tea data breach exposes user chats.

PoC exploit published for maximum-severity Cisco ISE flaw. CISA warns of PaperCut vulnerability exploitation.

Two 10.0 Cisco ISE bugs added to CISA list of exploited vulnerabilities

Security teams should patch right away because exploiting ISE lets attackers gain full control of an enterprise network.

CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

CISA has added three new vulnerabilities to its KEV Catalog, based on evidence of active exploitation

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut flaws to its Known Exploited Vulnerabilities catalog.

Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).

Cisco confirms active exploitation of ISE and ISE-PIC flaws

Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025.

Cisco warns of attempted exploitation of max severity ISE flaws

Three separate flaws could each enable unauthenticated RCE with root privileges.

Critical Cisco ISE Vulnerabilities Actively Exploited in RCE Attacks

Cisco has issued a critical security advisory warning of multiple unauthenticated remote code execution vulnerabilities in its Identity Services Engine (ISE).

Cisco Alerts on ISE RCE Vulnerability Actively Exploited

Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities.

Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in the Wild

Cisco Systems has issued a critical security advisory warning of multiple remote code execution vulnerabilities in its Identity Services Engine (ISE) that are being actively exploited by attackers in the wild.

Cisco Updates Advisory with Additional Maximum Severity Unauthenticated RCE in ISE and ISE-PIC I Arctic Wolf

On July 16, 2025, Cisco updated its advisory to include a third maximum-severity vulnerability affecting Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20337.

Cisco Updates Advisory with Additional Maximum Severity Unauthenticated RCE in ISE and ISE-PIC I Arctic Wolf

On July 16, 2025, Cisco updated its advisory to include a third maximum-severity vulnerability affecting Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20337.

Cisco CVE-2025-20337 & ISE-PIC Vulnerabilities Uncovered

Cisco warns CVE-2025-20337, CVE-2025-20281, and CVE-2025-20282 flaws in ISE and ISE-PIC.