433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

macOS Tahoe improves privacy and communication safety

macOS Tahoe privacy and security features focus on screening unwanted contact, limiting tracking, and keeping more decisions on the device. Most updates run quietly in the background and require little setup. Built-in filtering for calls and messages Apple reduced exposure to social engineering attempts. The native Phone, Messages, and FaceTime apps include system-level screening and unknown contact controls. Incoming calls from unknown numbers can be screened before the Mac rings, prompting callers to provide a … More → The post macOS Tahoe improves privacy and communication safety appeared first on Help Net Security.
http://news.poseidon-us.com/TQV2vZ

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise

Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the v2512 baseline covers The v2512 baseline groups settings across Word, Excel, PowerPoint, Outlook, and Access. It includes controls related to macros, add-ins, ActiveX, Protected View, and application update behavior. The guidance reflects defaults and recommended values that … More → The post Microsoft updates the security baseline for Microsoft 365 Apps for enterprise appeared first on Help Net Security.
http://news.poseidon-us.com/TQTyz6

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?

CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or above, 7.4.9 or above, 7.2.12 or above, and 7.0.18 or above. But on Tuesday, a Fortinet administrator posted on Reddit asking whether other enterprise admins had observed attackers logging in and creating new accounts on … More → The post Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? appeared first on Help Net Security.
http://news.poseidon-us.com/TQTpJM

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is a code injection vulnerability stemming from improper validation of user-supplied input in HTTP requests. “An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. … More → The post RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) appeared first on Help Net Security.
http://news.poseidon-us.com/TQTp5q

Cisco IEC6400 Wireless Backhaul Edge Compute Software SSH Denial of Service Vulnerability

A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An attacker could exploit this vulnerability by initiating a denial of service (DoS) attack against the SSH port. A successful exploit could allow the attacker to cause the SSH service to be unresponsive during the period of the DoS attack. All other operations remain stable during the attack. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iec6400-Pem5uQ7v Security Impact Rating: Medium CVE: CVE-2026-20080
http://news.poseidon-us.com/TQTZpm

Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b Security Impact Rating: Critical CVE: CVE-2026-20045
http://news.poseidon-us.com/TQTZpb

Cisco Packaged Contact Center Enterprise and Cisco Unified Contact Center Enterprise Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.  These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucce-pcce-xss-2JVyg3uD Security Impact Rating: Medium CVE: CVE-2026-20055,CVE-2026-20109
http://news.poseidon-us.com/TQTZpD

Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of the virtual appliance. An attacker could exploit this vulnerability by accessing the maintenance shell as a read-only administrator and manipulating system files to grant root privileges. A successful exploit could allow the attacker to elevate their privileges to root on the virtual appliance and gain full control of the appliance, giving them the ability to access sensitive information, modify workloads and configurations on the host system, and cause a denial of service (DoS). Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-privesc-p6tBm6jk Security Impact Rating: Medium CVE: CVE-2026-20092
http://news.poseidon-us.com/TQTZnj