433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Governmentwide firings ‘devastating’ to probationary federal employees

The National Science Foundation fired 168 federal employees, making it one of many agencies that fired probationary feds at the Trump administration’s direction. The post Governmentwide firings ‘devastating’ to probationary federal employees first appeared on Federal News Network.
http://news.poseidon-us.com/TJ4CKL

Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-GDPgJ58P
Security Impact Rating: Medium
CVE: CVE-2025-20211
http://news.poseidon-us.com/TJ48lD

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability

A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK
Security Impact Rating: Medium
CVE: CVE-2025-20158
http://news.poseidon-us.com/TJ48l5

Cisco Secure Email Gateway Email Filter Bypass Vulnerability

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw
Security Impact Rating: Medium
CVE: CVE-2025-20153
http://news.poseidon-us.com/TJ48jK

Trimble Cityworks: CVE-2025-0994

Learn about CVE-2025-0994 affecting Trimble Cityworks products. Patch now to prevent remote code execution.
http://news.poseidon-us.com/TJ47J3

Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response

Fortinet announced significant enhancements to FortiAnalyzer, reinforcing its role in driving faster, smarter security operations (SecOps)—all from a single, turnkey hybrid platform tailored for mid-sized enterprises and teams impacted by the cyber skills shortage. FortiAnalyzer offers a powerful, streamlined entry point to scale an organization’s security operations center (SOC), providing broad coverage for both on-premises and cloud environments from a single platform. With ready-to-deploy capabilities that deliver complete control with centralized visibility, advanced threat detection, … The post Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response appeared first on Help Net Security.
http://news.poseidon-us.com/TJ47FF

CardinalOps expands Threat Exposure Management platform

CardinalOps announced new enhancements to its Threat Exposure Management platform. The newly launched platform provides security teams with better visibility, smarter prioritization, and consistent workflows to address exposures and proactively reduce the risk of a breach. With this expansion, CardinalOps is building on their success with optimizing detection rules and controls for SIEM and SOC tools, and is now able to provide unified visibility across the security stack to uncover hidden exposures and gaps and automatically … The post CardinalOps expands Threat Exposure Management platform appeared first on Help Net Security.
http://news.poseidon-us.com/TJ44Np

Echoworx launches Manage Your Own Keys feature powered by AWS

Echoworx has unveiled its “Manage Your Own Keys” (MYOK) feature, powered by AWS Key Management Service (AWS KMS), an Amazon Web Services (AWS) service. This solution gives businesses greater control over sensitive data by allowing them to generate, manage, and secure their own encryption keys. The launch addresses growing concerns over data sovereignty and unauthorized access, empowering organizations to protect their information from cyber threats, unauthorized parties, and even service providers. Built on AWS KMS, … The post Echoworx launches Manage Your Own Keys feature powered by AWS appeared first on Help Net Security.
http://news.poseidon-us.com/TJ44LN

Where confidential computing fits in the enterprise data strategy

The computing framework shields data privacy while in storage, transit or use – helping businesses reduce the risks involved in data sharing.
http://news.poseidon-us.com/TJ3tyk