433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Incognito dark web drug market operator gets 30 years in prison

Rui-Siang Lin, a Taiwanese national, was sentenced to 30 years in U.S. federal prison for operating Incognito Market, one of the world’s largest illicit online narcotics marketplaces. Incognito Market splash page and graphical interface Incognito Market operated on the dark web from October 2020 until it closed in March 2024. The platform functioned as a centralized marketplace accessible through the Tor browser and supported drug sales to buyers around the world. Vendors used the site … More → The post Incognito dark web drug market operator gets 30 years in prison appeared first on Help Net Security.
http://news.poseidon-us.com/TQlwL0

ConnectSecure introduces Linux patching capability to simplify cross-distro updates

ConnectSecure announced the launch of a new cross-platform Linux operating system patching capability. The update eliminates the complexity of managing fragmented Linux environments by delivering a single, unified interface for deploying critical security updates across the four most widely used Linux distributions: Red Hat, Ubuntu, Debian, and CentOS. The new capability helps MSPs and security teams automate the identification and deployment of kernel and OS patches without requiring distribution-specific tools. As a result, organizations can … More → The post ConnectSecure introduces Linux patching capability to simplify cross-distro updates appeared first on Help Net Security.
http://news.poseidon-us.com/TQlwKH

Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-xss-bYeVKCD Security Impact Rating: Medium CVE: CVE-2026-20111
http://news.poseidon-us.com/TQlttw

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q Security Impact Rating: High CVE: CVE-2026-20119
http://news.poseidon-us.com/TQlttp

Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF Security Impact Rating: Medium CVE: CVE-2026-20056
http://news.poseidon-us.com/TQlttb

Cisco Meeting Management Arbitrary File Upload Vulnerability

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of video operator. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.    This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-file-up-kY47n8kK Security Impact Rating: High CVE: CVE-2026-20098
http://news.poseidon-us.com/TQlttQ

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN Security Impact Rating: Medium CVE: CVE-2026-20123
http://news.poseidon-us.com/TQltsz

SECNAP CloudJacket MXDR integrates SOC, SIEM, and NDR

SECNAP Network Security announced the launch of CloudJacket MXDR, a next-generation managed extended detection and response solution. Built on the company’s patented CloudJacket platform, CloudJacket MXDR enhances SECNAP’s security portfolio by extending its existing capabilities, including advanced network detection and response (NDR). CloudJacket MXDR is designed from the ground up to empower managed service providers (MSPs) and internal IT teams by incorporating advanced elements into a unified single pane of glass complete with multi-tenant capabilities. … More → The post SECNAP CloudJacket MXDR integrates SOC, SIEM, and NDR appeared first on Help Net Security.
http://news.poseidon-us.com/TQlbyC