433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability

A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK Security Impact Rating: Medium CVE: CVE-2025-20158
http://news.poseidon-us.com/TJ48l5

Cisco Secure Email Gateway Email Filter Bypass Vulnerability

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.   This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw Security Impact Rating: Medium CVE: CVE-2025-20153
http://news.poseidon-us.com/TJ48jK

Trimble Cityworks: CVE-2025-0994

Learn about CVE-2025-0994 affecting Trimble Cityworks products. Patch now to prevent remote code execution.
http://news.poseidon-us.com/TJ47J3

Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response

Fortinet announced significant enhancements to FortiAnalyzer, reinforcing its role in driving faster, smarter security operations (SecOps)—all from a single, turnkey hybrid platform tailored for mid-sized enterprises and teams impacted by the cyber skills shortage. FortiAnalyzer offers a powerful, streamlined entry point to scale an organization’s security operations center (SOC), providing broad coverage for both on-premises and cloud environments from a single platform. With ready-to-deploy capabilities that deliver complete control with centralized visibility, advanced threat detection, … More → The post Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response appeared first on Help Net Security.
http://news.poseidon-us.com/TJ47FF

CardinalOps expands Threat Exposure Management platform

CardinalOps announced new enhancements to its Threat Exposure Management platform. The newly launched platform provides security teams with better visibility, smarter prioritization, and consistent workflows to address exposures and proactively reduce the risk of a breach. With this expansion, CardinalOps is building on their success with optimizing detection rules and controls for SIEM and SOC tools, and is now able to provide unified visibility across the security stack to uncover hidden exposures and gaps and automatically … More → The post CardinalOps expands Threat Exposure Management platform appeared first on Help Net Security.
http://news.poseidon-us.com/TJ44Np

Echoworx launches Manage Your Own Keys feature powered by AWS

Echoworx has unveiled its “Manage Your Own Keys” (MYOK) feature, powered by AWS Key Management Service (AWS KMS), an Amazon Web Services (AWS) service. This solution gives businesses greater control over sensitive data by allowing them to generate, manage, and secure their own encryption keys. The launch addresses growing concerns over data sovereignty and unauthorized access, empowering organizations to protect their information from cyber threats, unauthorized parties, and even service providers. Built on AWS KMS, … More → The post Echoworx launches Manage Your Own Keys feature powered by AWS appeared first on Help Net Security.
http://news.poseidon-us.com/TJ44LN

Where confidential computing fits in the enterprise data strategy

The computing framework shields data privacy while in storage, transit or use – helping businesses reduce the risks involved in data sharing.
http://news.poseidon-us.com/TJ3tyk

Edge Delta Security Data Pipelines mitigates security threats

Edge Delta announced its Security Data Pipelines. This solution empowers security teams to process, analyze, and act on security data faster and more efficiently than ever before. By enabling real-time data processing and enrichment, Edge Delta’s Security Data Pipelines transform how organizations detect, respond to, and mitigate security threats across complex environments. The Security Data Pipelines provide a foundational, scalable framework for standardizing, enriching, and streaming security data from a wide array of data sources … More → The post Edge Delta Security Data Pipelines mitigates security threats appeared first on Help Net Security.
http://news.poseidon-us.com/TJ3pBm

Pangea introduces AI guardrails to secure AI applications

Pangea announced AI Guard and Prompt Guard to secure AI, defending against threats like prompt injection and sensitive information disclosure. Alongside the company’s existing AI Access Control and AI Visibility products, Pangea now offers comprehensive suite of guardrails to secure AI applications. “As companies race to build and deploy AI apps via RAG and agentic frameworks, integrating LLMs with users and sensitive data introduces substantial security risks,” said Oliver Friedrichs, CEO of Pangea. “New attacks … More → The post Pangea introduces AI guardrails to secure AI applications appeared first on Help Net Security.
http://news.poseidon-us.com/TJ3kJP