433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Exposed training apps are showing up in active cloud attacks

Security teams often spin up vulnerable applications for demos, training, or internal testing. A recent Pentera research report documents how those environments are being left exposed on the public internet and actively exploited. The research focuses on intentionally vulnerable apps such as OWASP Juice Shop, Damn Vulnerable Web Application, Hackazon, and similar projects. These tools are commonly deployed to teach secure coding, support product demonstrations, or give red and blue teams hands-on practice. According to … More → The post Exposed training apps are showing up in active cloud attacks appeared first on Help Net Security.
http://news.poseidon-us.com/TQV9lb

The internet’s oldest trust mechanism is still one of its weakest links

Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent. The research examined the Forbes Global 2000 and compared them with the world’s top 100 privately held unicorn companies. Domain security adoption: 100 unicorns vs Global 2000 (Source: CSC) Domains sit outside standard security controls Domains operate outside … More → The post The internet’s oldest trust mechanism is still one of its weakest links appeared first on Help Net Security.
http://news.poseidon-us.com/TQV8j8

A new framework helps banks sort urgent post-quantum crypto work from the rest

Financial institutions now have a concrete method for deciding where post-quantum cryptography belongs on their security roadmaps. New research coordinated by Europol sets out a scoring framework that helps banks rank systems and business use cases based on quantum risk and the time required to migrate them. The goal is practical prioritization, and the paper is aimed at security teams that need to move from planning into execution. The research responds to a growing operational … More → The post A new framework helps banks sort urgent post-quantum crypto work from the rest appeared first on Help Net Security.
http://news.poseidon-us.com/TQV4B0

macOS Tahoe improves privacy and communication safety

macOS Tahoe privacy and security features focus on screening unwanted contact, limiting tracking, and keeping more decisions on the device. Most updates run quietly in the background and require little setup. Built-in filtering for calls and messages Apple reduced exposure to social engineering attempts. The native Phone, Messages, and FaceTime apps include system-level screening and unknown contact controls. Incoming calls from unknown numbers can be screened before the Mac rings, prompting callers to provide a … More → The post macOS Tahoe improves privacy and communication safety appeared first on Help Net Security.
http://news.poseidon-us.com/TQV2vZ

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise

Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the v2512 baseline covers The v2512 baseline groups settings across Word, Excel, PowerPoint, Outlook, and Access. It includes controls related to macros, add-ins, ActiveX, Protected View, and application update behavior. The guidance reflects defaults and recommended values that … More → The post Microsoft updates the security baseline for Microsoft 365 Apps for enterprise appeared first on Help Net Security.
http://news.poseidon-us.com/TQTyz6

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?

CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or above, 7.4.9 or above, 7.2.12 or above, and 7.0.18 or above. But on Tuesday, a Fortinet administrator posted on Reddit asking whether other enterprise admins had observed attackers logging in and creating new accounts on … More → The post Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? appeared first on Help Net Security.
http://news.poseidon-us.com/TQTpJM

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is a code injection vulnerability stemming from improper validation of user-supplied input in HTTP requests. “An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. … More → The post RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) appeared first on Help Net Security.
http://news.poseidon-us.com/TQTp5q

Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit this vulnerability by initiating a denial of service (DoS) attack against the SSH port. A successful exploit could allow the attacker to cause the SSH service to be unresponsive during the period of the DoS attack. All other operations remain stable during the attack. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v Security Impact Rating: Medium CVE: CVE-2026-20080
http://news.poseidon-us.com/TQTZpm