433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5
Security Impact Rating: Medium
CVE: CVE-2026-20047
http://news.poseidon-us.com/TQMg5m

Sensitive data of Eurail, Interrail travelers compromised in data breach

A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an as-yet unknown number of travelers.
What data was accessed?
Eurail B.V. operates on behalf of a consortium of European railway companies, and sells single (usually multi-day) passes that let travelers explore Europe by train without having to buy individual tickets. The company acknowledged the breach with a public statement on …
Source: Help Net Security.
http://news.poseidon-us.com/TQMcfn

Delinea expands identity security platform through StrongDM acquisition

Delinea has signed a definitive agreement to acquire StrongDM. Delinea’s leadership in enterprise privileged access management (PAM), combined with StrongDM’s just-in-time (JIT) runtime authorization capabilities and developer-first access model, will form a new class of identity security platform designed for continuous, always-on environments. As AI adoption accelerates and non-human identities (NHIs) continue to outnumber human users, enterprises must secure privileged access in real-time across increasingly diverse cloud-native, hybrid, and on-prem environments. StrongDM’s JIT runtime authorization …
Source: Help Net Security.
http://news.poseidon-us.com/TQMXxH

Tines rolls out a governance layer for agents, copilots, and MCPs

Tines unveiled AI in Tines, a unified interaction layer for agents, copilots, and MCPs, enabling organizations to operationalize enterprise AI in a governed environment. While AI adoption is accelerating, the resulting value remains inconsistent. According to IDC, 88% of AI proof-of-concepts never make it to production, largely because standalone AI deployments lack the necessary context and connectivity to execute complex tasks securely. Additionally, as organizations rush to adopt tools like AI agents or custom GPTs, …
Source: Help Net Security.
http://news.poseidon-us.com/TQMXxF

PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)

A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising the urgency for organizations to patch immediately.
About CVE-2025-64155
CVE-2025-64155 may allow unauthenticated, remote attackers to execute unauthorized code or commands on vulnerable FortiSIEM deployments via specially crafted TCP requests. “This flaw targets the phMonitor service, the ‘nervous system’ of the SIEM, allowing attackers to write arbitrary code into a file executed as the …
Source: Help Net Security.
http://news.poseidon-us.com/TQMXwB

AWS European Sovereign Cloud puts data, operations, and oversight inside the EU

Amazon has made the AWS European Sovereign Cloud generally available to customers across the European Union, backed by a €7.8 billion investment. According to AWS, the funding will support infrastructure buildout, staffing, and long-term operations, and is expected to drive regional economic activity and job creation over the coming years.
A separate cloud built for EU requirements
The AWS European Sovereign Cloud operates as a distinct cloud environment. Infrastructure, services, and operations are located entirely …
Source: Help Net Security.
http://news.poseidon-us.com/TQMRJX

Bitwarden advances passkeys and credential risk controls

Bitwarden revealed continued product innovation and ecosystem maturity to advance identity security capabilities for users and enterprises. Bitwarden introduced enterprise credential risk insights and guided remediation through Bitwarden Access Intelligence, expanded passkey interoperability across browsers, devices, and operating systems, and deepened alignment with industry standards and major platform providers, including the FIDO Alliance and Microsoft.
Turning credential risk into guided action
Credential-based risks continue to drive security incidents across enterprise and personal environments, often remaining …
Source: Help Net Security.
http://news.poseidon-us.com/TQMHKn

F5 targets AI runtime risk with new guardrails and adversarial testing tools

F5 has unveiled general availability of F5 AI Guardrails and F5 AI Red Team, two solutions that secure mission-critical enterprise AI systems. With these releases, F5 is providing a comprehensive end-to-end lifecycle approach to AI runtime security, including enhanced ability to connect and protect AI agents with both out-of-the-box and custom guardrails. These security offerings align with customer needs for flexible deployment, model-agnostic protection, and the ability to tailor and adapt AI security policies in …
Source: Help Net Security.
http://news.poseidon-us.com/TQMHKk

JumpCloud introduces AI features to govern shadow AI and autonomous agents

JumpCloud is unveiling new AI capabilities to fuel safe innovation. Organizations can leverage JumpCloud’s platform to accelerate AI adoption. They can ensure compliance and control for all types of identity, human, non-human, and autonomous agents. Generative and agentic AI workflows present vast new opportunities. JumpCloud empowers organizations with intelligent, secure IT to meet them. JumpCloud’s new features allow you to see, secure, and automate AI management in your organization. Organizations can focus on proactive IT …
Source: Help Net Security.
http://news.poseidon-us.com/TQMHKg

Asimily extends Cisco ISE integration to turn device risk into segmentation policy

Asimily announced enhanced microsegmentation capabilities, including new support for Security Group Access Control Lists (SGACL) within Cisco Identity Services Engine (ISE). The release builds on Asimily’s longstanding ISE integration, enabling organizations to translate device intelligence and risk context into enforceable segmentation policies that move beyond visibility to actionable risk reduction. The SGACL integration allows Cisco ISE customers to automatically apply security group policies based on Asimily’s device classification, behavioral analysis, and risk prioritization. By providing …
Source: Help Net Security.
http://news.poseidon-us.com/TQMHKJ