433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has deprecated and removed the ACI Multi-Site CloudSec encryption feature that is affected by this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX Security Impact Rating: High CVE: CVE-2023-20185
http://news.poseidon-us.com/TSCGvD

No title

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) products. According to the update, the ArcaneDoor threat actor has developed a previously unknown persistence mechanism that is preserved across upgrading to the fixed releases that were published in September 2025. This persistence mechanism resides in the Cisco Firepower eXtensible Operating System (FXOS) Software base operating system for Cisco Secure Firewall ASA Software and Cisco Secure FTD Software installations on the affected hardware platforms. Note: According to the intelligence Cisco PSIRT has received to date, the initial compromise, begins with the attacker exploiting the following vulnerabilities before customers upgraded to the fixed releases that were made available in September 2025: * CVE-2025-20333: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability * CVE-2025-20362: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability For more information about the fixed releases that were made available in September 2025, see September 2025 Cisco Event Response: Continued Attacks Against Cisco Firewalls. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 Security Impact Rating: Informational
http://news.poseidon-us.com/TSBPzN

Hacker with a special interest in breaching sports institutions ends behind bars

French police have arrested a suspected hacker linked to a series of data breaches affecting organizations in the country. Citing authorities, Le Parisien reported that the suspect, a 20-year-old man using the alias ‘HexDex,’ was taken into custody on April 22, 2026, in the Vendée region, western France. The suspect admitted to using the alias ‘HexDex,’ which he used to claim the leaks online and repost the data on forums such as BreachForum and Darkforum, … More → The post Hacker with a special interest in breaching sports institutions ends behind bars appeared first on Help Net Security.
http://news.poseidon-us.com/TSBN9l

AI just discovered new physics in the fourth state of matter

Physicists have taken a major step toward using AI not just to analyze data, but to uncover entirely new laws of nature. By combining a specially designed neural network with precise 3D tracking of particles in a dusty plasma—a strange “fourth state of matter” found from space to wildfires—the team revealed hidden patterns in how particles interact. Their model captured complex, one-way (non-reciprocal) forces with over 99% accuracy and even overturned long-held assumptions about how these forces behave.
http://news.poseidon-us.com/TSBK0f

IP Fabric MCP server adds governance and control to enterprise AIOps workflows

IP Fabric has launched a new Model Context Protocol (MCP) server that removes key barriers to enterprise AIOps adoption, combining secure in-platform deployment with a built-in prompt library for network operations. While MCP servers and AI integrations are increasingly common, most fall short in enterprise environments where security, control and trusted data are non-negotiable. IP Fabric eliminates these barriers to enterprise AIOps adoption with a purpose-built solution that delivers a practical and governed path to … More → The post IP Fabric MCP server adds governance and control to enterprise AIOps workflows appeared first on Help Net Security.
http://news.poseidon-us.com/TSBJYx

Aqua Compass MCP server enables real-time investigation and containment of runtime threats

Aqua Security has announced Aqua Compass, a Model Context Protocol (MCP) server that enables agentic investigation, containment and remediation of runtime incidents, and new runtime risk dashboards. These capabilities help security teams move beyond identifying risk and focus on containing threats in running applications. The announcement builds on Aqua’s Secure AI capabilities, extending the company’s AI innovation from protecting AI applications to applying AI directly to runtime security operations. Cloud native development and AI-generated code … More → The post Aqua Compass MCP server enables real-time investigation and containment of runtime threats appeared first on Help Net Security.
http://news.poseidon-us.com/TSBJYn