In the realm of cybersecurity, recent developments from April’s Patch Tuesday have highlighted numerous critical vulnerabilities affecting significant software vendors including Adobe, Fortinet, Microsoft, and SAP. Topping the list is an SQL injection vulnerability affecting SAP’s Business Planning and Consolidation and Business Warehouse systems (CVE-2026-27681), which carries a CVSS score…
Across the globe, over one billion Bluetooth-enabled devices—including smartphones, laptops, smart IoT devices, and industrial equipment—are exposed to a significant vulnerability that could enable attackers to monitor data exchanged between paired devices. This flaw, known by its designation CVE-2019-9506, stems from weaknesses in the encryption key negotiation protocol used by…
Several vulnerabilities have been discovered in Cisco’s network devices, reportedly allowing unauthorized access and control for potential hackers. This alarming situation encompasses five new high-severity security flaws that target various Cisco routers, switches, IP phones, and IP cameras. Specifically, four of these vulnerabilities involve remote code execution, while one is…
Cisco Warns of Active Zero-Day Vulnerability in Router Software Cisco has issued an urgent alert regarding an active zero-day vulnerability in its router software that is currently being exploited in real-world attacks. This vulnerability could permit a remote, authenticated attacker to execute memory exhaustion attacks on affected devices, thereby compromising…
A recently identified zero-click remote code execution (RCE) vulnerability in Microsoft Teams’ desktop applications poses significant risks to users. This flaw enables potential adversaries to execute arbitrary code on a targeted system merely by sending a specially crafted chat message. The vulnerability was reported on August 31, 2020, by Oskars…
Cisco has recently addressed four critical vulnerabilities in its Jabber video conferencing and messaging application, vulnerabilities that had previously been inadequately mitigated, thus exposing users to potential remote attacks. The company disclosed these fixes following a report highlighting ongoing security shortcomings reported earlier this month by the Norwegian cybersecurity firm…
February 26, 2021
Cisco has released a critical security patch for a severe vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw potentially enables unauthenticated remote attackers to bypass authentication on compromised devices. According to a recent advisory from the company, “An attacker could exploit this vulnerability by sending a crafted request to the affected API.” A successful exploit could allow the attacker to obtain a token with administrator-level privileges, enabling authentication to the affected MSO and Cisco Application Policy Infrastructure Controller (APIC) devices. Identified as CVE-2021-1388, this vulnerability scores a 10 (out of 10) on the CVSS vulnerability scale and arises from improper token validation in an API endpoint of the Cisco ACI MSO installed on the Application Services Engine. It impacts ACI MSO versions running on the 3.0 software release. The ACI Multi-Site Orchestrator enables customers to monitor and manage their network infrastructure effectively.
Cisco Issues Critical Security Fixes for Major Vulnerabilities in Its Products February 26, 2021 Cisco has announced the release of security patches addressing a vulnerability of maximum severity within its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw could allow an unauthenticated remote attacker to bypass authentication on affected…
February 26, 2021
Cisco has released a critical security patch for a severe vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO). This flaw potentially enables unauthenticated remote attackers to bypass authentication on compromised devices. According to a recent advisory from the company, “An attacker could exploit this vulnerability by sending a crafted request to the affected API.” A successful exploit could allow the attacker to obtain a token with administrator-level privileges, enabling authentication to the affected MSO and Cisco Application Policy Infrastructure Controller (APIC) devices. Identified as CVE-2021-1388, this vulnerability scores a 10 (out of 10) on the CVSS vulnerability scale and arises from improper token validation in an API endpoint of the Cisco ACI MSO installed on the Application Services Engine. It impacts ACI MSO versions running on the 3.0 software release. The ACI Multi-Site Orchestrator enables customers to monitor and manage their network infrastructure effectively.
FBI Alerts on FSB-Linked Hackers Targeting Unpatched Cisco Devices for Cyber Espionage
Date: Aug 20, 2025 | Cyber Espionage / Vulnerability
A state-sponsored Russian hacking group, identified as Static Tundra, is exploiting a seven-year-old vulnerability in Cisco IOS and Cisco IOS XE software to gain persistent access to targeted networks. Cisco Talos revealed that these attacks are primarily aimed at telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. Potential victims are selected based on their “strategic interest” to Russia, with recent targets focusing on Ukraine and its allies amid the ongoing Russo-Ukrainian conflict. The exploited vulnerability, CVE-2018-0171 (CVSS score: 9.8), is a critical flaw in the Smart Install feature of Cisco software, which may allow unauthorized remote attackers to initiate denial-of-service (DoS) attacks or execute arbitrary code.
FBI Alerts to FSB-Linked Hackers Targeting Unpatched Cisco Devices for Cyber Espionage On August 20, 2025, the FBI issued a warning regarding a Russian state-sponsored cyber espionage group known as Static Tundra. This group has been identified as exploiting a significant vulnerability in Cisco IOS and Cisco IOS XE software,…
FBI Alerts on FSB-Linked Hackers Targeting Unpatched Cisco Devices for Cyber Espionage
Date: Aug 20, 2025 | Cyber Espionage / Vulnerability
A state-sponsored Russian hacking group, identified as Static Tundra, is exploiting a seven-year-old vulnerability in Cisco IOS and Cisco IOS XE software to gain persistent access to targeted networks. Cisco Talos revealed that these attacks are primarily aimed at telecommunications, higher education, and manufacturing sectors across North America, Asia, Africa, and Europe. Potential victims are selected based on their “strategic interest” to Russia, with recent targets focusing on Ukraine and its allies amid the ongoing Russo-Ukrainian conflict. The exploited vulnerability, CVE-2018-0171 (CVSS score: 9.8), is a critical flaw in the Smart Install feature of Cisco software, which may allow unauthorized remote attackers to initiate denial-of-service (DoS) attacks or execute arbitrary code.
June 03, 2021
Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.
With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.
Recurring Vulnerabilities: A Persistent Challenge in Cybersecurity June 3, 2021 Software vulnerabilities continue to plague organizations across the globe, as evidenced by the fact that Microsoft has addressed between 55 and 110 vulnerabilities every month this year. Alarmingly, 7% to 17% of these identified vulnerabilities have been classified as critical,…
June 03, 2021
Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.
With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.
