433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

For the new Congress, an AI proposal from the last Congress

Members of the bipartisan House Task Force on AI want to ensure U.S. leadership while mitigating the threats to privacy and safety. The post For the new Congress, an AI proposal from the last Congress first appeared on Federal News Network.
http://news.poseidon-us.com/THWM1m

Cisco BroadWorks SIP Denial of Service Vulnerability

A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system. A successful exploit could allow the attacker to exhaust the memory that was allocated to the Cisco BroadWorks Network Servers that handle SIP traffic. If no memory is available, the Network Servers can no longer process incoming requests, resulting in a DoS condition that requires manual intervention to recover. For more information about this vulnerability, see the Details section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt Security Impact Rating: High CVE: CVE-2025-20165
http://news.poseidon-us.com/THWHk0

Cisco Meeting Management REST API Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc Security Impact Rating: Critical CVE: CVE-2025-20156
http://news.poseidon-us.com/THWHjj

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the ClamAV blog. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA Security Impact Rating: Medium CVE: CVE-2025-20128
http://news.poseidon-us.com/THWHgh

Mirai botnet behind the largest DDoS attack to date

Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world. The Murdoc botnet Qualys researchers have laid bare the “Murdoc” botnet, consisting of some 1,300 IoT devices saddled with a variant of the Mirai malware that exploits vulnerabilities to compromise AVTECH Cameras and Huawei HG532 routers. “In this latest campaign we note the utilization of ELF file and Shell Script execution, which leads to the deployment … More → The post Mirai botnet behind the largest DDoS attack to date appeared first on Help Net Security.
http://news.poseidon-us.com/THWGZl

Persona helps businesses detect and prevent AI-driven fraud

Persona announced significant advancements in its AI-based face spoof detection capabilities. These updates strengthen Persona’s ability to detect and prevent increasingly sophisticated generative AI fraud techniques. AI-based face spoofs – such as deepfakes, synthetic faces, and face morphs – have enabled fraudsters to scale attacks at an unprecedented pace. For businesses that rely on identity verification, this poses growing risks, from significant financial losses to reputational damage. Gartner predicts that by 2026, attacks using AI-generated deepfakes on face … More → The post Persona helps businesses detect and prevent AI-driven fraud appeared first on Help Net Security.
http://news.poseidon-us.com/THWGZT

Rimini Protect AHS safeguards against security breaches

Rimini Street announced Rimini Protect Advanced Hypervisor Security (AHS), an exclusive solution powered by proven Vali Cyber AI/ML security technology. The Rimini Protect AHS solution leverages these innovative capabilities that are already protecting mission-critical hypervisor infrastructure, including US military VMware deployments. The Rimini Protect AHS solution combines Vali Cyber technology with Rimini Street’s professional hardening, installation, and managed services. This solution creates a secure, locked-down hypervisor environment, 24/7/365, allowing businesses to manage hypervisor risk. Hypervisor … More → The post Rimini Protect AHS safeguards against security breaches appeared first on Help Net Security.
http://news.poseidon-us.com/THWGX3

MasterCard DNS Error Went Unnoticed for Years

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.
http://news.poseidon-us.com/THWFcf

5th High-Performance Computing Security Workshop

High-performance computing (HPC) systems provide fundamental computing infrastructure and play a pivotal role in economic competitiveness and scientific discovery. Security is an essential component of HPC. NIST HPC Security Working Group (WG) has
http://news.poseidon-us.com/THWF2H

Dell Technologies Strengthens Data Protection Security, Speeds Threat Response

Dell & CrowdStrike join forces to boost cyber defense with custom threat indicators, expanded MDR services and 24/7 expert SOC support for unmatched data protection.
http://news.poseidon-us.com/THWBS7