Farmers Insurance has announced a data breach affecting approximately 1.1 million customers. This incident, linked to the hacker groups ShinyHunters and Scattered Spider, reflects a troubling trend of cyberattacks targeting organizations using Salesforce’s platform. Farmers Insurance has recently revealed a significant data breach impacting over 1.1 million customers. The company…
April 19, 2023
Network Security / Cyber Espionage
Cybersecurity and intelligence agencies from the U.S. and U.K. have issued a warning about Russian state-sponsored actors exploiting recently patched vulnerabilities in Cisco networking equipment for reconnaissance and malware deployment against specific targets. These intrusions occurred in 2021 and affected a limited number of entities across Europe, U.S. government agencies, and around 250 Ukrainian victims. The activity has been linked to the threat group APT28, also known as Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, and Sofacy, which is connected to the Russian General Staff Main Intelligence Directorate (GRU). The National Cyber Security Centre (NCSC) noted that APT28 gained access to vulnerable routers using default and weak SNMP community strings, as well as by exploiting CVE-2017-6742, a remote code execution vulnerability with a CVSS score of 8.8.
U.S. and U.K. Governments Alert on Russian Cyber Actors Exploiting Cisco Vulnerabilities On April 19, 2023, cybersecurity and intelligence agencies from the United States and the United Kingdom issued a warning regarding the activities of Russian state-sponsored hackers. These actors have been identified as exploiting previously patched vulnerabilities in Cisco…
April 19, 2023
Network Security / Cyber Espionage
Cybersecurity and intelligence agencies from the U.S. and U.K. have issued a warning about Russian state-sponsored actors exploiting recently patched vulnerabilities in Cisco networking equipment for reconnaissance and malware deployment against specific targets. These intrusions occurred in 2021 and affected a limited number of entities across Europe, U.S. government agencies, and around 250 Ukrainian victims. The activity has been linked to the threat group APT28, also known as Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, and Sofacy, which is connected to the Russian General Staff Main Intelligence Directorate (GRU). The National Cyber Security Centre (NCSC) noted that APT28 gained access to vulnerable routers using default and weak SNMP community strings, as well as by exploiting CVE-2017-6742, a remote code execution vulnerability with a CVSS score of 8.8.
June 5, 2025
Network Security / Vulnerability
Cisco has issued security patches for a severe vulnerability affecting its Identity Services Engine (ISE). This flaw, identified as CVE-2025-20286 and rated 9.9 out of 10 on the CVSS scale, could be exploited by unauthenticated attackers to perform harmful actions on vulnerable systems. The vulnerability, categorized as a static credential issue, affects cloud deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). Cisco warned that attackers could potentially access sensitive data, perform limited administrative tasks, alter system configurations, or disrupt services in the affected environments. The networking company credited Kentaro Kawane from GMO Cybersecurity for reporting the flaw and acknowledged the presence of a proof-of-concept (PoC) exploit, although no active exploitation has been confirmed.
Critical Cisco ISE Authentication Bypass Vulnerability Threatens Cloud Environments on AWS, Azure, and OCI On June 5, 2025, Cisco announced the release of security patches addressing a high-severity vulnerability within its Identity Services Engine (ISE). This flaw, designated as CVE-2025-20286, has received a CVSS score of 9.9 out of 10,…
June 5, 2025
Network Security / Vulnerability
Cisco has issued security patches for a severe vulnerability affecting its Identity Services Engine (ISE). This flaw, identified as CVE-2025-20286 and rated 9.9 out of 10 on the CVSS scale, could be exploited by unauthenticated attackers to perform harmful actions on vulnerable systems. The vulnerability, categorized as a static credential issue, affects cloud deployments on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). Cisco warned that attackers could potentially access sensitive data, perform limited administrative tasks, alter system configurations, or disrupt services in the affected environments. The networking company credited Kentaro Kawane from GMO Cybersecurity for reporting the flaw and acknowledged the presence of a proof-of-concept (PoC) exploit, although no active exploitation has been confirmed.
The FBI and Cisco have issued urgent warnings about Russian hackers exploiting a seven-year-old vulnerability in Cisco Smart Install, impacting outdated routers and switches globally. A significant number of legacy Cisco devices, which no longer receive security updates, are currently being targeted as part of a sophisticated cyber espionage campaign,…
A significant data breach at Allianz Life has been exposed, with the credential notification site Have I Been Pwned reporting that approximately 1.1 million accounts have been compromised. This figure represents a substantial proportion of Allianz Life’s 1.4 million North American customers, alongside data from financial professionals and specific Allianz…
Identity & Access Management, Network Firewalls, Network Access Control, Security Operations Cisco Secure Firewall Management Centers Exposed to Critical Vulnerability Pooja Tikekar (@PoojaTikekar) • August 18, 2025 Image: Anucha Cheechang/Shutterstock Cisco has alerted its firewall customers to implement urgent patches following the identification of a critical vulnerability. This flaw poses…
Severe RCE Vulnerabilities in Cisco ISE and ISE-PIC Enable Unauthenticated Attackers to Obtain Root Access
Jun 26, 2025
Vulnerability, Network Security
Cisco has issued updates to resolve two critical security vulnerabilities in the Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that may allow unauthenticated attackers to execute arbitrary commands with root privileges. These vulnerabilities, identified as CVE-2025-20281 and CVE-2025-20282, both carry a maximum CVSS score of 10.0. Here’s a detailed overview of the vulnerabilities:
CVE-2025-20281: A remote code execution flaw impacting Cisco ISE and ISE-PIC versions 3.3 and later, enabling an unauthenticated attacker to execute arbitrary code on the system as root.
CVE-2025-20282: A remote code execution vulnerability in Cisco ISE and ISE-PIC version 3.4 that allows an unauthenticated attacker to upload arbitrary files to the device and execute them as root.
Cisco has indicated that CVE-2025-20281 stems from inadequate…
Cisco Addresses Critical RCE Vulnerabilities in ISE and ISE-PIC On June 26, 2025, Cisco issued urgent updates to mitigate two severe vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These flaws could allow unauthenticated remote attackers to execute arbitrary commands with root privileges, potentially jeopardizing…
Severe RCE Vulnerabilities in Cisco ISE and ISE-PIC Enable Unauthenticated Attackers to Obtain Root Access
Jun 26, 2025
Vulnerability, Network Security
Cisco has issued updates to resolve two critical security vulnerabilities in the Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that may allow unauthenticated attackers to execute arbitrary commands with root privileges. These vulnerabilities, identified as CVE-2025-20281 and CVE-2025-20282, both carry a maximum CVSS score of 10.0. Here’s a detailed overview of the vulnerabilities:
CVE-2025-20281: A remote code execution flaw impacting Cisco ISE and ISE-PIC versions 3.3 and later, enabling an unauthenticated attacker to execute arbitrary code on the system as root.
CVE-2025-20282: A remote code execution vulnerability in Cisco ISE and ISE-PIC version 3.4 that allows an unauthenticated attacker to upload arbitrary files to the device and execute them as root.
Cisco has indicated that CVE-2025-20281 stems from inadequate…
Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials
July 3, 2025
Vulnerability / Network Security
Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.
Critical Cisco Flaw in Unified Communications Manager Enables Root Access via Static Credentials On July 3, 2025, Cisco issued critical security updates aimed at addressing a significant vulnerability in its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability, designated CVE-2025-20309, boasts a…
Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials
July 3, 2025
Vulnerability / Network Security
Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.
GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools
July 15, 2025
Cybercrime / Ransomware
Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.
GLOBAL GROUP RaaS Expands Operations with Advanced AI Negotiation Tools July 15, 2025 Cybercrime / Ransomware A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the United States since its inception in early June 2025. Researchers…
GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools
July 15, 2025
Cybercrime / Ransomware
Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.
