Identity & Access Management, Network Firewalls, Network Access Control, Security Operations Cisco Secure Firewall Management Centers Exposed to Critical Vulnerability Pooja Tikekar (@PoojaTikekar) • August 18, 2025 Image: Anucha Cheechang/Shutterstock Cisco has alerted its firewall customers to implement urgent patches following the identification of a critical vulnerability. This flaw poses…
Severe RCE Vulnerabilities in Cisco ISE and ISE-PIC Enable Unauthenticated Attackers to Obtain Root Access
Jun 26, 2025
Vulnerability, Network Security
Cisco has issued updates to resolve two critical security vulnerabilities in the Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that may allow unauthenticated attackers to execute arbitrary commands with root privileges. These vulnerabilities, identified as CVE-2025-20281 and CVE-2025-20282, both carry a maximum CVSS score of 10.0. Here’s a detailed overview of the vulnerabilities:
CVE-2025-20281: A remote code execution flaw impacting Cisco ISE and ISE-PIC versions 3.3 and later, enabling an unauthenticated attacker to execute arbitrary code on the system as root.
CVE-2025-20282: A remote code execution vulnerability in Cisco ISE and ISE-PIC version 3.4 that allows an unauthenticated attacker to upload arbitrary files to the device and execute them as root.
Cisco has indicated that CVE-2025-20281 stems from inadequate…
Cisco Addresses Critical RCE Vulnerabilities in ISE and ISE-PIC On June 26, 2025, Cisco issued urgent updates to mitigate two severe vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These flaws could allow unauthenticated remote attackers to execute arbitrary commands with root privileges, potentially jeopardizing…
Severe RCE Vulnerabilities in Cisco ISE and ISE-PIC Enable Unauthenticated Attackers to Obtain Root Access
Jun 26, 2025
Vulnerability, Network Security
Cisco has issued updates to resolve two critical security vulnerabilities in the Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that may allow unauthenticated attackers to execute arbitrary commands with root privileges. These vulnerabilities, identified as CVE-2025-20281 and CVE-2025-20282, both carry a maximum CVSS score of 10.0. Here’s a detailed overview of the vulnerabilities:
CVE-2025-20281: A remote code execution flaw impacting Cisco ISE and ISE-PIC versions 3.3 and later, enabling an unauthenticated attacker to execute arbitrary code on the system as root.
CVE-2025-20282: A remote code execution vulnerability in Cisco ISE and ISE-PIC version 3.4 that allows an unauthenticated attacker to upload arbitrary files to the device and execute them as root.
Cisco has indicated that CVE-2025-20281 stems from inadequate…
Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials
July 3, 2025
Vulnerability / Network Security
Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.
Critical Cisco Flaw in Unified Communications Manager Enables Root Access via Static Credentials On July 3, 2025, Cisco issued critical security updates aimed at addressing a significant vulnerability in its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability, designated CVE-2025-20309, boasts a…
Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials
July 3, 2025
Vulnerability / Network Security
Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.
GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools
July 15, 2025
Cybercrime / Ransomware
Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.
GLOBAL GROUP RaaS Expands Operations with Advanced AI Negotiation Tools July 15, 2025 Cybercrime / Ransomware A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the United States since its inception in early June 2025. Researchers…
GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools
July 15, 2025
Cybercrime / Ransomware
Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.
Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)
July 11, 2025, United States
Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.
The vulnerability affects the following FortiWeb versions:
Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.
Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb On July 11, 2025, Fortinet announced the release of urgent patches for a significant security vulnerability in FortiWeb, a web application firewall. This flaw, designated CVE-2025-25257, poses a serious risk, allowing unauthorized attackers the potential to execute arbitrary SQL commands…
Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)
July 11, 2025, United States
Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.
The vulnerability affects the following FortiWeb versions:
Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.
The federal judiciary has announced that it is intensifying its efforts to enhance cybersecurity measures in a bid to protect its case management system from persistent and sophisticated cyber threats. This move comes in light of recent cyberattacks that have underscored the vulnerabilities inherent in its outdated systems. A prominent…
Cyberwarfare / Nation-State Attacks, Data Breach Notification, Data Security Also: US Cyber Grants Are Declining; Hybrid Threats Renew Focus on Operational Technology Resilience Anna Delaney (@annamadeline) • August 8, 2025 Clockwise, from top left: Anna Delaney, Mathew Schwartz, Chris Riotta, and Tony Morbin In a recent discussion, four editors from…
Home » AIRLINE NEWS » Data Breach at Air France-KLM: Passenger Information Compromised, Raising Phishing and Identity Theft Concerns Published on August 8, 2025 | By: TTW News Desk Image Credit: KLM In a troubling development, the Air France-KLM Group has disclosed a data breach affecting its customer base. The…
On July 17, 2025, Cisco revealed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the operating system with elevated privileges. Labeled CVE-2025-20337, this vulnerability has a CVSS score of 10.0 and is akin to CVE-2025-20281, which was resolved by Cisco last month.
According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, allowing an attacker to exploit them through specially crafted API requests. A successful exploit could result in extensive control over the affected systems.
Cisco Issues Urgent Alert on High-Severity Vulnerability in ISE Software July 17, 2025 Vulnerability / Network Security Cisco has recently unveiled a serious security vulnerability affecting its Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC). Officially cataloged as CVE-2025-20337, this flaw allows unauthenticated attackers to execute…
On July 17, 2025, Cisco revealed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the operating system with elevated privileges. Labeled CVE-2025-20337, this vulnerability has a CVSS score of 10.0 and is akin to CVE-2025-20281, which was resolved by Cisco last month.
According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, allowing an attacker to exploit them through specially crafted API requests. A successful exploit could result in extensive control over the affected systems.
