433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-42tgsdMG
Security Impact Rating: Medium
CVE: CVE-2025-20204, CVE-2025-20205
http://news.poseidon-us.com/TSNkzf

Scientists just created exotic new forms of matter that shouldn’t exist

A new quantum physics study reveals that simply changing a magnetic field over time can unlock entirely new forms of matter that don’t exist under normal conditions. By carefully “driving” materials with timed magnetic shifts, researchers created exotic quantum states that could be far more stable and resistant to errors—one of the biggest challenges in quantum computing. This breakthrough suggests that the future of quantum technology may depend not just on what materials are made of, but how they’re manipulated in time.
http://news.poseidon-us.com/TSN03K

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an upgrade to a fixed version is “strongly” advised.
CVE-2026-4670 and CVE-2026-5174
Progress Software’s MOVEit Transfer, an enterprise managed file transfer …
The post Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKT

Penske Logistics launches platform for real-time supply chain visibility

Penske Logistics has announced the launch of Supply Chain Insight, a secure technology platform and mobile application that provides customers with a real-time view of their supply chain operations across transportation and warehousing. Supply chain leaders are under increased pressure to drive greater operational efficiency in the face of rising fuel costs, evolving regulations and economic challenges. Organizations are looking for a competitive edge to navigate uncertain times and achieve measurable cost savings and efficiencies. …
The post Penske Logistics launches platform for real-time supply chain visibility appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKS

DigiCert breached via malicious screensaver file

A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the support team via a customer chat channel and delivered a malicious ZIP file disguised as a customer screenshot, which contained …
The post DigiCert breached via malicious screensaver file appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKP

Operant AI Endpoint Protector secures AI agents and MCP tools

Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables enterprise IT and security teams to discover, detect, and defend against threats across every AI tool, coding agent, and Model Context Protocol (MCP)-connected workflow used by employees, directly at the endpoint where most consequential AI activity takes place.
Securing the endpoint
Across every enterprise, employees in HR, finance, legal, customer service, engineering, and operations are interacting with AI …
The post Operant AI Endpoint Protector secures AI agents and MCP tools appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKN