433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

How to Write a Stakeholder Communication Plan: Example & Template

A stakeholder communication plan outlines how project teams share information with stakeholders throughout a project’s lifecycle. It defines what will be communicated, who will receive updates and how often communication will occur. Having a stakeholder communication plan ensures alignment, prevents… Read More The post How to Write a Stakeholder Communication Plan: Example & Template appeared first on ProjectManager.
http://news.poseidon-us.com/TPFThw

Cisco Catalyst Center Virtual Appliance HTTP Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-open-redirect-3W5Bk3Je Security Impact Rating: Medium CVE: CVE-2025-20355
http://news.poseidon-us.com/TPFSp8

Cisco Catalyst Center Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-privesc-catc-rYjReeLU Security Impact Rating: Medium CVE: CVE-2025-20346
http://news.poseidon-us.com/TPFSnz

Cisco Catalyst Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59 Security Impact Rating: Medium CVE: CVE-2025-20353
http://news.poseidon-us.com/TPFSns

Cisco Catalyst Center REST API Command Injection Vulnerability

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to inject arbitrary commands that would then be executed in a restricted container with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ci-ZWLQVSwT Security Impact Rating: Medium CVE: CVE-2025-20349
http://news.poseidon-us.com/TPFSnW

Cisco Catalyst Center Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-priv-esc-VS8EeCuX Security Impact Rating: High CVE: CVE-2025-20341
http://news.poseidon-us.com/TPFSlh

“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)

CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’ in the reporting template, but which were updated to a version of the software that is still vulnerable to the threat activity outlined in [Emergency Directive 25-03, released on September 25, 2025],” the agency stated on Wednesday. “CISA … More → The post “Patched” but still exposed: US federal agencies must remediate Cisco flaws (again) appeared first on Help Net Security.
http://news.poseidon-us.com/TPFQtp

TrojAI Defend for MCP brings real-time security, visibility, and policy enforcement to agentic AI

TrojAI has launched its new AI runtime defense solution for agentic AI workflows, TrojAI Defend for MCP. Model Context Protocol (MCP) is an open protocol that allows AI agents to connect with external data, tools, and services in a standardized way enabling AI innovation at a rapid pace. TrojAI Defend for MCP was built to monitor traffic to and from MCP servers, providing unified visibility, policy analysis, and runtime enforcement across agents and MCP gateways. … More → The post TrojAI Defend for MCP brings real-time security, visibility, and policy enforcement to agentic AI appeared first on Help Net Security.
http://news.poseidon-us.com/TPFQsk

Google Sues to Disrupt Chinese SMS Phishing Triad

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.
http://news.poseidon-us.com/TPFNvH