Cisco Systems has recently disclosed a severe, unpatched vulnerability affecting its IOS XE software, which is currently under active exploitation by threat actors. The zero-day flaw, identified as CVE-2023-20198, holds a critical severity rating of 10.0 on the Common Vulnerability Scoring System (CVSS). This vulnerability specifically impacts enterprise networking hardware…
Cisco has issued an urgent warning regarding a severe zero-day vulnerability in its IOS XE software, which is currently being exploited by an unknown actor to introduce a malicious Lua-based implant on affected devices. The vulnerability, designated as CVE-2023-20273, carries a CVSS score of 7.2 and is associated with privilege…
Concerns Rise Over Federal Cybersecurity Amid Shutdown The recent prolonged government shutdown has intensified worries regarding the state of federal cybersecurity, potentially creating vulnerabilities during a time when numerous workers were furloughed. This disruption has exacerbated the longstanding issues of IT backlogs within various government agencies. According to an anonymous…
On November 8, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally recognized a critical vulnerability in the Service Location Protocol (SLP) by adding it to its Known Exploited Vulnerabilities (KEV) catalog. This entry highlights the agency’s concerns regarding active exploitations of the flaw, which has been assigned the…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, adding three identified security flaws currently under active exploitation. This action underscores the ongoing priority for organizations to remain vigilant and address vulnerabilities promptly to protect their systems. The newly cataloged vulnerabilities include…
AI-Based Attacks, Artificial Intelligence & Machine Learning, Critical Infrastructure Security Also: AI-Driven Deception, Cyber Deterrence, and Resilience Anna Delaney (annamadeline) • December 26, 2025 Clockwise, from top left: Anna Delaney, Mathew Schwartz, Michael Novinson, and Tom Field The ISMG editorial team recently offered insights into the cybersecurity landscape of 2025,…
The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security has issued a critical warning concerning a new ransomware threat targeting various industries associated with critical infrastructure. This advisory was prompted by a recent cyberattack that impacted a natural gas compression facility through a spear-phishing incident,…
Qualcomm Issues Security Advisory for High-Severity Flaws In recent developments, chipmaker Qualcomm has disclosed significant information regarding three critical security vulnerabilities that were reportedly exploited in targeted attacks as of October 2023. The company emphasized that these flaws were subjected to “limited, targeted exploitation,” raising alarms about their implications for…
Cybersecurity Agencies Warn of QSnatch Malware Threat Targeting QNAP Devices In a joint advisory issued by cybersecurity agencies in the United States and the United Kingdom, significant warnings have been raised regarding an ongoing malware threat known as QSnatch, which is affecting network-attached storage (NAS) devices produced by Taiwanese company…
