433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-defaultacl-pSJk9nVF Security Impact Rating: Medium CVE: CVE-2025-20339
http://news.poseidon-us.com/TNGWhv

Cisco Access Point Software Intermittent IPv6 Gateway Change Vulnerability

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit this vulnerability by associating to a wireless network and sending a series of crafted IPv6 RA packets. A successful exploit could allow the attacker to temporarily change the IPv6 gateway of an affected device. This could also lead to intermittent packet loss for any wireless clients that are associated with the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ipv6-gw-tUAzpn9O Security Impact Rating: Medium CVE: CVE-2025-20365
http://news.poseidon-us.com/TNGWhQ

A new lawsuit says the Department of Energy is quietly dismantling FOIA and public transparency

“To close the request when you don’t affirmatively hear back defies and undermines what Congress intended,” said Chioma Chukwu. The post A new lawsuit says the Department of Energy is quietly dismantling FOIA and public transparency first appeared on Federal News Network.
http://news.poseidon-us.com/TNGWKX

AI-powered smart bandage heals wounds 25% faster

A new wearable device, a-Heal, combines AI, imaging, and bioelectronics to speed up wound recovery. It continuously monitors wounds, diagnoses healing stages, and applies personalized treatments like medicine or electric fields. Preclinical tests showed healing about 25% faster than standard care, highlighting potential for chronic wound therapy.
http://news.poseidon-us.com/TNGT8Y

Construction Scheduler Job Description: Role, Responsibilities & Skills

A construction scheduler plays a central role in keeping building projects organized and moving forward. They are responsible for developing realistic schedules that account for timelines, resources and dependencies across multiple tasks. The success of any construction project depends on… Read More The post Construction Scheduler Job Description: Role, Responsibilities & Skills appeared first on ProjectManager.
http://news.poseidon-us.com/TNGSMR

SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)

SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being leveraged by attackers, they might soon reverse-engineer the hotfix and create a working exploit. As watchTowr researchers noted, “given SolarWinds’ past, in-the-wild exploitation is highly likely.” About CVE-2025-26399 “[CVE-2025-26399] exists within the AjaxProxy class. The issue results from the lack of proper validation … More → The post SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) appeared first on Help Net Security.
http://news.poseidon-us.com/TNGQ9p

RedNovember Targets Government, Defense, and Technology Organizations

RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the latest findings and victimology from Recorded Future’s in-depth analysis.
http://news.poseidon-us.com/TNGNph

Teleport unveils AI-powered summaries for session recordings

Teleport released AI Session Summaries, a new capability in Teleport Identity Security that enables customers to summarize insights from thousands of hours of session recordings in minutes. Teleport generates session recordings of SSH, Kubernetes, and database access events, capturing a granular record of who did what in infrastructure. Security and compliance teams often invest substantial time reviewing session logs in order to meet audit requirements, or to undertake forensic investigation when identifying suspicious or anomalous … More → The post Teleport unveils AI-powered summaries for session recordings appeared first on Help Net Security.
http://news.poseidon-us.com/TNGLy9

Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689)

Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed. About CVE-2025-59689 CVE-2025-59689 is a command injection vulnerability caused by improper sanitization when removing active code from files inside certain compressed archive formats. It can be triggered by emails containing a specially crafted compressed attachment. “Within the archive, the payload files are constructed to manipulate the application’s sanitization logic, exploiting an improper … More → The post Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) appeared first on Help Net Security.
http://news.poseidon-us.com/TNGLxH