433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit this vulnerability by initiating a denial of service (DoS) attack against the SSH port. A successful exploit could allow the attacker to cause the SSH service to be unresponsive during the period of the DoS attack. All other operations remain stable during the attack.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v
Security Impact Rating: Medium
CVE: CVE-2026-20080
http://news.poseidon-us.com/TQTZpm

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
Security Impact Rating: Critical
CVE: CVE-2026-20045
http://news.poseidon-us.com/TQTZpb

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD
Security Impact Rating: Medium
CVE: CVE-2026-20055, CVE-2026-20109
http://news.poseidon-us.com/TQTZpD

Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS).
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk
Security Impact Rating: Medium
CVE: CVE-2026-20092
http://news.poseidon-us.com/TQTZnj

Check Point Exposure Management unifies threat intelligence, context, and remediation

Check Point announced Check Point Exposure Management, a new approach designed to help organizations defend against attacks by turning fragmented exposure data into prioritized, actionable, and safe remediation. Exposure Management delivers real-time situational awareness by unifying threat intelligence, dark-web insights, attack surface visibility, exploitability context, and automated remediation, at a time when attackers increasingly use automation and AI to move faster than traditional security operations can respond. “Security teams are flooded with intelligence but still …
The post Check Point Exposure Management unifies threat intelligence, context, and remediation appeared first on Help Net Security.
http://news.poseidon-us.com/TQTY2l

Cohesity enhances identity resilience with ITDR capabilities

Cohesity has unveiled Identity Threat Detection and Response (ITDR) capabilities that expand its Identity Resilience portfolio, providing a more comprehensive approach to securing and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID. Identity is foundational to enterprise security, underpinning all access. Without it, operations grind to a halt, and organizations are at risk. Attackers constantly seek to exploit misconfigurations, privilege escalation paths, and weak controls to gain access to sensitive …
The post Cohesity enhances identity resilience with ITDR capabilities appeared first on Help Net Security.
http://news.poseidon-us.com/TQTY2b

EU tightens cybersecurity rules for tech supply chains

The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure ICT supply chains and ensure products reaching EU citizens are secure by design through a streamlined certification process.
Revised Cybersecurity Act and ICT supply chain security
The revised Cybersecurity Act establishes an ICT supply chain security framework based on a risk-based approach. This framework will help the EU and Member …
The post EU tightens cybersecurity rules for tech supply chains appeared first on Help Net Security.
http://news.poseidon-us.com/TQTY29

Vectra AI helps organizations prevent AI-powered cyberattacks

Vectra AI launched the next generation of its flagship platform, purpose-built to protect the AI enterprise by delivering preemptive security and proactive defense against AI-powered cyberattacks. As enterprises embed AI across applications and infrastructure, they are becoming AI enterprises: always-on, hyper-connected environments that operate at machine speed. These environments function as a single, living network spanning on-premises data centers, multi-cloud, identity, SaaS, IoT/OT, edge, and AI infrastructure, where non-human identities and AI agents increasingly outnumber …
The post Vectra AI helps organizations prevent AI-powered cyberattacks appeared first on Help Net Security.
http://news.poseidon-us.com/TQTY1C

Rust package registry adds security tools and metrics to crates.io

The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which versions of a crate may have known issues. This change gives developers a way to view advisory information before selecting a crate as a dependency.
The tab shows known vulnerabilities for the crate along with the affected version ranges. (Source: crates.io team)
Changes to publishing workflows
The crates.io …
The post Rust package registry adds security tools and metrics to crates.io appeared first on Help Net Security.
http://news.poseidon-us.com/TQTRBS

OpenAI adds age prediction to ChatGPT to strengthen teen safety

OpenAI is rolling out age prediction on ChatGPT consumer plans to help determine whether an account likely belongs to someone under 18. Age prediction builds on protections already in place. ChatGPT relies on an age prediction model that evaluates behavioral and account level signals. These include how long an account has existed, typical times of activity, usage patterns over time, and a stated age when one is provided. According to the company, deploying the model …
The post OpenAI adds age prediction to ChatGPT to strengthen teen safety appeared first on Help Net Security.
http://news.poseidon-us.com/TQTR9B