433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition.

Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv1 or SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dsnmp-cNN39Uh

This advisory is part of the February 2026 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2026 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2026-20048
http://news.poseidon-us.com/TR8rRs

Cisco Nexus 3600 and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability

A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device.

Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4

This advisory is part of the February 2026 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2026 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2026-20051
http://news.poseidon-us.com/TR8rRm

Cisco FXOS and UCS Manager Software Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with the role of Administrator or AAA Administrator.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv

This advisory is part of the February 2026 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2026 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: Medium
CVE: CVE-2026-20091
http://news.poseidon-us.com/TR8rRX

Cisco UCS Manager Software Privilege Escalation Vulnerability

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-afwae-mOgUfyLn

This advisory is part of the February 2026 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2026 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: Medium
CVE: CVE-2026-20037
http://news.poseidon-us.com/TR8rPg

A simple chemical tweak could supercharge quantum computers

Quantum computers need special materials called topological superconductors—but they’ve been notoriously difficult to create. Researchers have now shown they can trigger this exotic state by subtly adjusting the mix of tellurium and selenium in ultra-thin films. That tiny chemical tweak changes how electrons interact, effectively turning a quantum phase “dial” until the ideal state appears. The result is a more practical path toward building stable, next-generation quantum devices.
http://news.poseidon-us.com/TR8qn9

Anthropic’s Remote Control feature brings Claude Code to mobile devices

Anthropic has introduced a new Claude Code feature called Remote Control, allowing developers to continue a local coding session from a phone, tablet, or any web browser. The feature is rolling out as a research preview to Max users. This is another in a series of additions the company has introduced recently, following Claude Opus 4.6, Claude Sonnet 4.6, and Claude Code Security. “Unlike Claude Code on the web, which runs on cloud infrastructure, Remote …

The post Anthropic’s Remote Control feature brings Claude Code to mobile devices appeared first on Help Net Security.
http://news.poseidon-us.com/TR8hr8

SolarWinds Serv-U hit by four critical RCE-level vulnerabilities

SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the flaws may allow attackers to create a system admin user and/or execute code as a privileged account.

The SolarWinds Serv-U vulnerabilities

SolarWinds Serv-U runs on Windows or Linux and lets users securely transfer files between computers or systems using standard protocols like FTP, FTPS, SFTP, HTTP, and HTTPS. It …

The post SolarWinds Serv-U hit by four critical RCE-level vulnerabilities appeared first on Help Net Security.
http://news.poseidon-us.com/TR8cxc

Reddit fined $19.5 million for failing to protect children’s personal data

The UK’s Information Commissioner’s Office (ICO) has fined Reddit $19.5 million after finding that the company failed to use children’s personal information lawfully, exposing them to inappropriate and harmful content. The investigation found that Reddit did not apply an age assurance mechanism and therefore did not have a lawful basis for processing the personal information of children under 13. The company also failed to carry out a data protection impact assessment to assess and mitigate …

The post Reddit fined $19.5 million for failing to protect children’s personal data appeared first on Help Net Security.
http://news.poseidon-us.com/TR8cty

Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets

Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to a Russian broker. Williams admitted his actions caused the defense contractor an estimated $35 million in losses. The judge also ordered three years of supervised release and the forfeiture of a $1.3 million money judgment, cryptocurrency, a house, …

The post Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets appeared first on Help Net Security.
http://news.poseidon-us.com/TR8XkG