433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Webex App Open Redirect Vulnerability

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH
Security Impact Rating: Medium
CVE: CVE-2026-20178
http://news.poseidon-us.com/TT56hY

Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU
Security Impact Rating: Medium
CVE: CVE-2026-20246
http://news.poseidon-us.com/TT56gt

Senate Armed Services Committee releases NDAA details

The annual legislation would create a new command overseeing military drones and allow for a new under secretary of defense focused on cyber.
http://news.poseidon-us.com/TT55YZ

Another healthcare firm attacked days after Novo Nordisk breach

Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of patient protected health information, proprietary data, and other personal data. The company discovered unauthorized activity on June 8, 2026, and launched an investigation with the assistance of external cybersecurity experts. A day later, a threat actor claimed to have obtained “sensitive information, including proprietary data, patient protected health information and other personal information” and demanded payment …
First appeared on Help Net Security.
http://news.poseidon-us.com/TT53qG

WitnessAI Agentic Control secures AI agents, tools, and MCP server access

WitnessAI has announced extended agentic security capabilities that govern how AI agents interact with enterprise systems, tools, and Model Context Protocol (MCP) servers. With the launch of Agentic Control, enterprises have greater visibility and control over their AI agents with a single control plane to discover, monitor, govern, and restrict agent behaviors at runtime. Enterprises are deploying AI agents across chat applications, integrated development environments (IDE), and custom workflows, but security teams lack the visibility …
First appeared on Help Net Security.
http://news.poseidon-us.com/TT53q4

Tigera introduces unified control plane for Kubernetes-based AI agent security

Tigera has announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx gives enterprises a single place to find every agent in their Kubernetes estate, tighten security posture, assign sandboxes, provide each agent with a cryptographic identity, enforce policy on every action it takes, audit agent activity, and detect anomalous behavior, all without changing a line of agent code. AI agents do not behave like the workloads enterprise security …
First appeared on Help Net Security.
http://news.poseidon-us.com/TT53m2

State Digital Surveillance Risk Landscape

Explore the state digital surveillance risk landscape. Learn how governments use spyware, AI, and network interception to monitor travelers and how to mitigate these risks.
http://news.poseidon-us.com/TT509N

Rokarolla Android trojan targets banking and crypto users, enables device takeover

A newly discovered Android banking trojan, dubbed Rokarolla, targets 217 banking and cryptocurrency applications and can execute 137 commands on infected devices, according to researchers at Zimperium. Named after its command-and-control (C2) infrastructure, Rokarolla is primarily distributed through malicious websites that impersonate popular applications such as TikTok and Google Chrome, fooling users into downloading what appears to be a legitimate app.
[Figure: Banker malware impersonating a legitimate app and requesting accessibility service (Source: Zimperium)]
Zimperium said …
First appeared on Help Net Security.
http://news.poseidon-us.com/TT4zg4