433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Unified Communications Products Privilege Escalation Vulnerability

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5
Security Impact Rating: Medium
CVE: CVE-2025-20112
http://news.poseidon-us.com/TKvdrW

Data-stealing VS Code extensions removed from official Marketplace

Developers who specialize in writing smart (primarily Ethereum) contracts using the Solidity programming language have been targeted via malicious VS Code extensions that install malware that steals cryptocurrency wallet credentials. “Based on shared infrastructure and obfuscation characteristics, we attribute all three extensions to a single threat actor, which we track as MUT-9332, that was also behind a recently reported campaign to distribute a Monero cryptominer via backdoored VS Code extensions,” Datadog security researchers have shared. … The post Data-stealing VS Code extensions removed from official Marketplace appeared first on Help Net Security.
http://news.poseidon-us.com/TKvZk6

Gerry Connolly, longtime federal workforce and IT advocate, dead at 75

Rep. Gerry Connolly (D-Va.), an outspoken supporter of federal employees, died Wednesday at 75, after being diagnosed with esophageal cancer late last year. The post Gerry Connolly, longtime federal workforce and IT advocate, dead at 75 first appeared on Federal News Network.
http://news.poseidon-us.com/TKvXLY

Anchore SBOM tracks software supply chain issues

Anchore announced the next phase of its SBOM strategy with the release of Anchore SBOM. With the addition of Anchore SBOM, Anchore Enterprise now provides a centralized platform for viewing, managing and analyzing Software Bill of Materials (SBOMs), including the capability of “Bringing Your Own SBOMs”. Organizations can now gain comprehensive visibility into the software components present in both their internally developed and third-party supplied software to identify and mitigate security and compliance risks. Driven … The post Anchore SBOM tracks software supply chain issues appeared first on Help Net Security.
http://news.poseidon-us.com/TKvSpX

DoD orders ‘immediate’ changes to troubled PCS moving program, replaces senior official

In a memo, Defense Secretary Pete Hegseth ordered the department to address “deficiencies” in the multibillion dollar Global Household Goods Contract (GHC). The post DoD orders ‘immediate’ changes to troubled PCS moving program, replaces senior official first appeared on Federal News Network.
http://news.poseidon-us.com/TKvRQR

Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based sites. The privileges thus acquired allow attackers to inject scripts that steal user data, make download links point to malware, redirect visitors to malicious sites, install a backdoor, or steal data saved in the underlying database. About CVE-2025-4322 Motors is … The post Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) appeared first on Help Net Security.
http://news.poseidon-us.com/TKvMSX

Carmakers rev up AI efforts amid economic uncertainty

Ford, General Motors and Toyota pursue use cases to enhance customer experience, optimize costs and drive profits, executives said in their latest financial reports.
http://news.poseidon-us.com/TKvKbh