All CosmicBytez Labs articles tagged #Cisco, across news, security advisories, how-to guides, and projects.
A CVSS 10.0 authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to access internal REST APIs with full Site Admin privileges.
This week's cybersecurity landscape opened with a critical Microsoft Exchange spoofing zero-day under active exploitation, a coordinated npm/PyPI supply...
Cisco has patched a maximum-severity authentication bypass flaw in its Catalyst SD-WAN Controller that has already been exploited in limited attacks....
Cisco has patched CVE-2026-20182, a zero-day in Catalyst SD-WAN Manager that has been actively exploited in targeted attacks by sophisticated threat actor...
The threat group UAT-8616 is actively exploiting a new Cisco SD-WAN zero-day and has been linked to multiple prior Cisco firewall and SD-WAN vulnerability...
Other noteworthy stories this week: Big Tech firms push back against Canada's encryption legislation, Cisco releases a free AI security specification, and...
A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows an unauthenticated remote attacker to bypass...
Cisco has released a new open source toolkit designed to track and verify the provenance of AI models throughout the supply chain, addressing risks from...
CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...
US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...
Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...
Cisco Catalyst SD-WAN Manager contains a privileged API misuse vulnerability that allows an attacker to upload a malicious file to the local file system...
Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...
A large-scale credential harvesting campaign has been observed exploiting the React2Shell vulnerability (CVE-2025-55182) as an initial infection vector,...
Cisco has suffered a major cyberattack after threat actors leveraged stolen credentials from the recent Trivy supply chain compromise to breach its...
CVE-2026-20131, a maximum-severity CVSS 10.0 insecure deserialization flaw in Cisco Firepower Management Center, was exploited by Interlock ransomware as...
CISA added actively exploited Zimbra Collaboration Suite and Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog on March...
The Interlock ransomware gang has been actively exploiting a CVSS 10.0 insecure deserialization flaw in Cisco Secure Firewall Management Center since late...
This week: Google reports 90 zero-days exploited in 2025 with enterprise tech at 48%, CISA issues emergency directive for Cisco SD-WAN CVSS 10 zero-day,...
A maximum-severity authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10.0) has been actively exploited by threat actor UAT-8616 since...
A CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN has been exploited since at least 2023. CISA issues Emergency Directive ED 26-03 as all Five...
An actively exploited zero-day in Cisco Unified Communications allows unauthenticated remote code execution with root privileges via crafted HTTP...
Cisco discloses a high-severity privilege escalation vulnerability in IOS XE Web UI that allows authenticated users to gain root access. Active...
Cisco has released emergency patches for a critical vulnerability in Webex that could allow unauthenticated remote code execution. Organizations urged to...