433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed.
This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
As mentioned, Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS
Security Impact Rating: Medium
CVE: CVE-2026-20233
http://news.poseidon-us.com/TSs8d4

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.
Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
Security Impact Rating: Critical
CVE: CVE-2026-20230
http://news.poseidon-us.com/TSs8cw

Cisco Finesse Remote File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.
This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89
Security Impact Rating: Medium
CVE: CVE-2026-20175
http://news.poseidon-us.com/TSs8cF

Only 11% of production agents pass the AI agent security bar

Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them carry the conditions for a single hostile document to take them over. The AI Risk Quadrant (AIRQ) report, a 2026 Q2 edition produced by independent researchers, scores 100 commercial and publicly available AI agents across three dimensions: …
The post Only 11% of production agents pass the AI agent security bar appeared first on Help Net Security.
http://news.poseidon-us.com/TSrx0T

Google adds a silent check to catch scammers posing as your contacts

Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this month, starting with Pixel devices.
[Image: Story of two calls from “Mom” (Source: Google)]
“Fake call detection helps protect you, your family and friends by identifying when a caller isn’t who they claim to be, giving …
The post Google adds a silent check to catch scammers posing as your contacts appeared first on Help Net Security.
http://news.poseidon-us.com/TSrlCS

Microsoft Scout agent opens a new category of always-on Autopilots

Workplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different kind of agent inside its Office applications, one designed to keep operating in the background once a person stops paying attention. The company introduced Microsoft Scout, calling it the first entry in a category it labels Autopilots.
What an Autopilot does
Autopilots are always-on agents that run …
The post Microsoft Scout agent opens a new category of always-on Autopilots appeared first on Help Net Security.
http://news.poseidon-us.com/TSrlCJ

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries

Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agencies. Organizations joining the program must meet security requirements before gaining access, Anthropic noted. The expansion brings the program to organizations in more than 15 countries and includes sectors such as healthcare, energy, communications, technology, and other infrastructure …
The post Anthropic expands Project Glasswing to 150 organizations in more than 15 countries appeared first on Help Net Security.
http://news.poseidon-us.com/TSrl9r

Critical Start expands MDR capabilities with multi-agent AI system

Critical Start has released SOC AI, a production-proven multi-agent framework powering its AI-led Managed Detection and Response (MDR). SOC AI coordinates ten specialized agents across the full alert investigation and response lifecycle, covering detection, triage, response, threat hunting, and continuous improvement. Each agent operates with a discrete function, a defined scope, and a complete audit trail on every action taken. After implementation of SOC AI, Investigation Agent enhanced thousands of investigations, compressing analyst time-to-investigate to …
The post Critical Start expands MDR capabilities with multi-agent AI system appeared first on Help Net Security.
http://news.poseidon-us.com/TSrgpd

MazeBolt brings AI-generated attack simulation to DDoS security testing

MazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos has raised awareness of the cybersecurity risks created by AI. But while Mythos makes it faster and easier for attackers to identify exploitable gaps in software, it does not address DDoS vulnerabilities. VectorAI functions as …
The post MazeBolt brings AI-generated attack simulation to DDoS security testing appeared first on Help Net Security.
http://news.poseidon-us.com/TSrgp6