433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Identity Services Engine RADIUS Suppression Denial of Service Vulnerability

A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh Security Impact Rating: High CVE: CVE-2025-20343
http://news.poseidon-us.com/TP5Kbz

Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to either disclose sensitive information or conduct a reflected cross-site scripting (XSS) attack. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH Security Impact Rating: Medium CVE: CVE-2025-20289,CVE-2025-20303,CVE-2025-20304,CVE-2025-20305
http://news.poseidon-us.com/TP5KZX

Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the Java Remote Method Invocation (RMI) process of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ Security Impact Rating: Critical CVE: CVE-2025-20354,CVE-2025-20358
http://news.poseidon-us.com/TP5KXz

Komodor’s self-healing capabilities remediate issues with or without a human in the loop

Komodor released autonomous self-healing and cost optimization capabilities that simplify operations for SRE, DevOps, and Platform teams managing large-scale Kubernetes environments. Powered by Klaudia, purpose-built agentic AI, the Komodor platform can automatically detect, investigate, and remediate issues, with or without a human in the loop, and optimize resource utilization. Managing Kubernetes and cloud-native infrastructure at scale has become increasingly complex. Industry research shows that 88% of technology leaders report rising stack complexity, and 81% say … More → The post Komodor’s self-healing capabilities remediate issues with or without a human in the loop appeared first on Help Net Security.
http://news.poseidon-us.com/TP5Hp9

Fortinet launches Secure AI Data Center to protect AI infrastructures end-to-end

Fortinet announced the Secure AI Data Center solution, an end-to-end framework purpose-built to protect AI infrastructures. Designed to secure the entire AI stack, from data center infrastructure to applications and LLMs, the solution delivers advanced AI threat defense with ultra-low latency and reduces power consumption on average by 69% compared to traditional approaches. As part of this announcement, Fortinet introduced the FortiGate 3800G, a high-performance data center firewall that delivers the power efficiency, throughput, and … More → The post Fortinet launches Secure AI Data Center to protect AI infrastructures end-to-end appeared first on Help Net Security.
http://news.poseidon-us.com/TP5Hp5

Barracuda Assistant accelerates security operations

Barracuda Networks launched Barracuda Assistant, powered by Barracuda AI. Integrated into the BarracudaONE cybersecurity platform, Barracuda Assistant accelerates security operations to help organizations strengthen cyber resilience and drive productivity and ROI. “Cyberattacks are growing more sophisticated and relentless, and security teams are under immense pressure to respond faster with fewer resources,” said Brian Downey, VP of product management at Barracuda. “Barracuda Assistant empowers users of all skill levels to investigate threats quickly and confidently, even … More → The post Barracuda Assistant accelerates security operations appeared first on Help Net Security.
http://news.poseidon-us.com/TP5Hn2

CleanStart SBOM Analyzer strengthens software supply chain security

CleanStart has released its SBOM Analyzer, an add-on tool that generates complete, CISA-compliant Software Bills of Materials (SBOMs) for container images. The tool deepens visibility into software components and dependencies, helping organizations secure their supply chains before deployment. Integrated directly into CleanStart’s platform, the add-on provides broader component coverage, deeper dependency mapping and automatically maintained data as part of the company’s regular image refresh cycle. “SBOMs are no longer optional now that they’re a federal … More → The post CleanStart SBOM Analyzer strengthens software supply chain security appeared first on Help Net Security.
http://news.poseidon-us.com/TP5CXR

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)

On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for managing servers running CentOS or CentOS-based distributions. While active exploitation of CVE-2025-11371 has been reported on since early October 2025, exploitation attempts involving CVE-2025-48703, though detected by cybersecurity professionals, have so far been less widespread … More → The post Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) appeared first on Help Net Security.
http://news.poseidon-us.com/TP59Ln

18 arrested in €300 million global credit card fraud scheme

A coordinated international operation has led to 18 arrests in a massive credit card fraud case worth at least €300 million. The effort, led by Eurojust, targeted a network of suspects accused of running fake online subscription services for dating, pornography, and streaming sites. Among those detained were five executives from four German payment service providers. Authorities said the fraud affected several million credit card users across 193 countries and involved 19 million accounts. Investigators … More → The post 18 arrested in €300 million global credit card fraud scheme appeared first on Help Net Security.
http://news.poseidon-us.com/TP55z0