433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco email security appliances rooted and backdoored via still unpatched zero-day

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard configurations (…) are what we have observed as being compromised by the attack,” they noted. According to the accompanying advisory, the attackers exploited CVE-2025-20393, a vulnerability stemming from improper input validation, to execute arbitrary commands with root … More → The post Cisco email security appliances rooted and backdoored via still unpatched zero-day appeared first on Help Net Security.
http://news.poseidon-us.com/TPt5Kl

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination with CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges,” the company said.

About CVE-2025-40602

SonicWall Secure Mobile Access (SMA) 1000 appliances/gateways are used by large, distributed enterprises to allow employees … More → The post Actively exploited SonicWall zero-day patched (CVE-2025-40602) appeared first on Help Net Security.
http://news.poseidon-us.com/TPsxmc

Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager

On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet that are running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. The ongoing investigation has revealed evidence of a persistence mechanism planted by the threat actors to maintain a degree of control over compromised appliances. Cisco strongly recommends that customers follow the guidance in the Recommendations section of the security advisory to assess their exposure and mitigate the risk.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

Security Impact Rating: Critical
CVE: CVE-2025-20393
http://news.poseidon-us.com/TPss8S

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are using the access they gain to export the devices’ system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about the underlying network and infrastructure, firewall and security policies, encrypted/hashed passwords, and more. Some of this data can be used to mount follow-on attacks at a later date.

CVE-2025-59718 and CVE-2025-59719

Fortinet discovered CVE-2025-59718 and … More → The post Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) appeared first on Help Net Security.
http://news.poseidon-us.com/TPsqQy

Trellix advances NDR to close the OT-IT threat detection-to-response gap

Trellix announced Trellix NDR innovations, strengthening OT-IT security with integrated visibility across complex environments, enhanced detection capabilities, and automated investigation and response to reduce the threat detection-to-response gap. “We know cybercriminals are increasingly targeting the OT-IT boundary, where threats can hide in the absence of complete visibility,” said Rohit Unnikrishnan, SVP Product Management, Trellix. “To keep pace, organizations must prioritize proactive defense with enhanced perimeter visibility and enriched intelligence extending across environments for greater resilience … More → The post Trellix advances NDR to close the OT-IT threat detection-to-response gap appeared first on Help Net Security.
http://news.poseidon-us.com/TPsTpF

XM Cyber bridges external attack surface management with validated internal attack paths

XM Cyber announced an update to its platform that connects External Attack Surface Management with internal risk validation, closing the gap between what is exposed outside and what exists inside. By bridging these two worlds, XM Cyber now lets security teams see not only what is externally exposed, but also how external exposures chain together with internal, exploitable vulnerabilities to threaten critical business assets. These enhancements provide a seamless, … More → The post XM Cyber bridges external attack surface management with validated internal attack paths appeared first on Help Net Security.
http://news.poseidon-us.com/TPsP5F

Hadrian launches offensive agentic AI to expose vulnerabilities before attackers

Hadrian launched the latest iteration of its offensive Agentic AI Platform, designed to find external exposures and test them for exploitability. Instead of waiting for attacks to happen, Hadrian’s AI agents act like hackers themselves, probing, testing, and exploiting vulnerabilities before malicious actors get the chance.

Hackers turn to AI

Recent research shows that hackers are increasingly deploying AI and AI agents to carry out attacks. From ransomware gangs … More → The post Hadrian launches offensive agentic AI to expose vulnerabilities before attackers appeared first on Help Net Security.
http://news.poseidon-us.com/TPsP5D

Vectra AI redefines hybrid resilience across the attack lifecycle

Vectra AI redefines hybrid attack resilience across the full attack lifecycle by unifying pre- and post-compromise controls within the Vectra AI Platform. Vectra AI’s control philosophy gives defenders continuous control through proactive threat exposure management, 360-degree response, and posture reporting. The Vectra AI Platform gives security teams consistent, measurable control across the full hybrid attack lifecycle, from eliminating attack exposures before compromise, to executing decisive response actions as active attacks unfold, to proving resilience … More → The post Vectra AI redefines hybrid resilience across the attack lifecycle appeared first on Help Net Security.
http://news.poseidon-us.com/TPsP54