433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Tracking drones with the 5G tower down the street

Drone detection in cities is expensive. Dedicated radar installations are cost-prohibitive at scale, cameras have limited range and stop working well at night, and LiDAR systems have the same cost problem as radar. A group of researchers at the University of Science and Technology of China spent the past year working on a different approach: using 5G-Advanced base stations that are already in the ground to do the job instead. The 5G-A base station Active … More → The post Tracking drones with the 5G tower down the street appeared first on Help Net Security.
http://news.poseidon-us.com/TRqfhq

Your customer passed authentication. So why are they sending money to a scammer?

In this Help Net Security video, Lenny Gusel, Head of Fraud Solutions in North America at Feedzai, explains how customer identity and access management has converged with digital fraud detection, and why treating them as separate systems creates real risk. The core idea is continuous, contextual trust. Where traditional IAM grants access at a single point in time, fraud systems track behavior throughout an entire session, reading device signals, network context, and how a user … More → The post Your customer passed authentication. So why are they sending money to a scammer? appeared first on Help Net Security.
http://news.poseidon-us.com/TRqddR

Cybercriminals take aim at Hasbro, weeks of recovery ahead

Hasbro, an American toy maker with more than 5,000 employees, confirmed a cyberattack and proactively took certain systems offline. The intrusion was detected on March 28, and the company promptly activated its incident response protocols. The company said the investigation is ongoing with support from third-party cybersecurity professionals as it works to determine the scope of the incident, while business continuity measures remain in place to support order processing, shipping, and other operations. “The need … More → The post Cybercriminals take aim at Hasbro, weeks of recovery ahead appeared first on Help Net Security.
http://news.poseidon-us.com/TRqFbW

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr Security Impact Rating: Critical CVE: CVE-2026-20160
http://news.poseidon-us.com/TRqBJ0

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu Security Impact Rating: Medium CVE: CVE-2026-20042
http://news.poseidon-us.com/TRqBHz

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r Security Impact Rating: Medium CVE: CVE-2026-20041
http://news.poseidon-us.com/TRqBHq

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affected system and elevate privileges to root. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt Security Impact Rating: High CVE: CVE-2026-20094,CVE-2026-20095,CVE-2026-20096,CVE-2026-20097
http://news.poseidon-us.com/TRqBH8

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User. Note: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8 Security Impact Rating: High CVE: CVE-2026-20151
http://news.poseidon-us.com/TRqBH7