Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability

A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly.

This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-FCvLD6vR

This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2026-20082
http://news.poseidon-us.com/TRHpKg

Digital.ai expands post-build protection for Android and iOS applications

Software security has reached an inflection point as AI development tools increase the volume and velocity of software releases, while AI is also powering the next generation of threat actors driving attack volume and sophistication to new heights. For security teams, this is not just acceleration – it is multiplication: more apps, more releases, and more opportunities for attackers. The challenge is no longer protecting just flagship applications but securing all Android and iOS releases …

The post Digital.ai expands post-build protection for Android and iOS applications appeared first on Help Net Security.
http://news.poseidon-us.com/TRHl45

Tufin’s AI-powered tools simplify network security operations

Tufin announced its latest AI-powered innovations, enabling customers to utilize its Unified Control Plane to accelerate issue resolution, reduce operational friction, and limit risk – even as network complexity continues to grow. Security teams face pressure to move faster while maintaining a secure network environment. The complexity of the network makes it harder and harder to keep tabs on where potential problems are and opens up opportunities for attackers using advanced AI tools to take …

The post Tufin’s AI-powered tools simplify network security operations appeared first on Help Net Security.
http://news.poseidon-us.com/TRHl3G

Webinar: The True State of Security 2026

AI has become the most popular scapegoat in security. While the risk is real, the obsession is costly. Most security failures don’t start with AI. They start with people, access, and security workflows that don’t scale. This webinar aims to reframe the conversation and show why the imbalance is the real threat to modern organizations.

In this webinar, you’ll gain insight into:
- Why AI is distracting teams from more persistent risks
- How human access and …

The post Webinar: The True State of Security 2026 appeared first on Help Net Security.
http://news.poseidon-us.com/TRHgVZ

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing instances that have yet to receive a fix, and the organization is sending out alerts to the owners, urging them to update.

About CVE-2025-14500

IceWarp, developed by the Czech company of the same name, is a business …

The post Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) appeared first on Help Net Security.
http://news.poseidon-us.com/TRHgV1

Njordium Vendor Management System eliminates duplicate third-party assessments

Njordium Cyber Group has launched its Vendor Management System (VMS), a platform that eliminates the costly duplication of third-party assessments under Europe’s overlapping regulations. 70% of European organisations suffered a data breach in the past three years, and 77% of those breaches originated with a vendor or third party (Whistic, Third-Party Risk Management 2025 Impact Report). The average third-party risk team now spends more than 37 hours a week on repetitive administration, and is still …

The post Njordium Vendor Management System eliminates duplicate third-party assessments appeared first on Help Net Security.
http://news.poseidon-us.com/TRHV4s

The vulnerability that turns your AI agent against you

Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to hijack AI agents, access local files, and steal credentials within authenticated user sessions. The vulnerabilities can be triggered through malicious content embedded in routine workflows, enabling unauthorized actions without user awareness. The disclosure includes PerplexedBrowser, a subfamily of vulnerabilities in the Perplexity Comet browser that consists of two distinct exploit paths. Both stem from indirect prompt …

The post The vulnerability that turns your AI agent against you appeared first on Help Net Security.
http://news.poseidon-us.com/TRHV3K