433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG Security Impact Rating: Medium CVE: CVE-2025-20204,CVE-2025-20205
http://news.poseidon-us.com/TSNkzf

Scientists just created exotic new forms of matter that shouldn’t exist

A new quantum physics study reveals that simply changing a magnetic field over time can unlock entirely new forms of matter that don’t exist under normal conditions. By carefully “driving” materials with timed magnetic shifts, researchers created exotic quantum states that could be far more stable and resistant to errors—one of the biggest challenges in quantum computing. This breakthrough suggests that the future of quantum technology may depend not just on what materials are made of, but how they’re manipulated in time.
http://news.poseidon-us.com/TSN03K

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an upgrade to a fixed version is “strongly” advised. CVE-2026-4670 and CVE-2026-5174 Progress Software’s MOVEit Transfer, an enterprise managed file transfer … More → The post Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKT

Penske Logistics launches platform for real-time supply chain visibility

Penske Logistics has announced the launch of Supply Chain Insight, a secure technology platform and mobile application that provides customers with a real-time view of their supply chain operations across transportation and warehousing. Supply chain leaders are under increased pressure to drive greater operational efficiency in the face of rising fuel costs, evolving regulations and economic challenges. Organizations are looking for a competitive edge to navigate uncertain times and achieve measurable cost savings and efficiencies. … More → The post Penske Logistics launches platform for real-time supply chain visibility appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKS