433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK
Security Impact Rating: Medium
CVE: CVE-2026-20075
http://news.poseidon-us.com/TQMg6g

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-9TDh2kx
Security Impact Rating: Medium
CVE: CVE-2026-20076
http://news.poseidon-us.com/TQMg6P

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5
Security Impact Rating: Medium
CVE: CVE-2026-20047
http://news.poseidon-us.com/TQMg5m

Sensitive data of Eurail, Interrail travelers compromised in data breach

A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an as-yet unknown number of travelers.

What data was accessed?

Eurail B.V. operates on behalf of a consortium of European railway companies, and sells single (usually multi-day) passes that let travelers explore Europe by train without having to buy individual tickets. The company acknowledged the breach with a public statement on …

The post Sensitive data of Eurail, Interrail travelers compromised in data breach appeared first on Help Net Security.
http://news.poseidon-us.com/TQMcfn

Delinea expands identity security platform through StrongDM acquisition

Delinea has signed a definitive agreement to acquire StrongDM. Delinea’s leadership in enterprise privileged access management (PAM), combined with StrongDM’s just-in-time (JIT) runtime authorization capabilities and developer-first access model, will form a new class of identity security platform designed for continuous, always-on environments. As AI adoption accelerates and non-human identities (NHIs) continue to outnumber human users, enterprises must secure privileged access in real time across increasingly diverse cloud-native, hybrid, and on-prem environments. StrongDM’s JIT runtime authorization …

The post Delinea expands identity security platform through StrongDM acquisition appeared first on Help Net Security.
http://news.poseidon-us.com/TQMXxH

Tines rolls out a governance layer for agents, copilots, and MCPs

Tines unveiled AI in Tines, a unified interaction layer for agents, copilots, and MCPs, enabling organizations to operationalize enterprise AI in a governed environment. While AI adoption is accelerating, the resulting value remains inconsistent. According to IDC, 88% of AI proof-of-concepts never make it to production, largely because standalone AI deployments lack the necessary context and connectivity to execute complex tasks securely. Additionally, as organizations rush to adopt tools like AI agents or custom GPTs, …

The post Tines rolls out a governance layer for agents, copilots, and MCPs appeared first on Help Net Security.
http://news.poseidon-us.com/TQMXxF

PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)

A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising the urgency for organizations to patch immediately.

About CVE-2025-64155

CVE-2025-64155 may allow unauthenticated, remote attackers to execute unauthorized code or commands on vulnerable FortiSIEM deployments via specially crafted TCP requests. “This flaw targets the phMonitor service, the ‘nervous system’ of the SIEM, allowing attackers to write arbitrary code into a file executed as the …

The post PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) appeared first on Help Net Security.
http://news.poseidon-us.com/TQMXwB

AWS European Sovereign Cloud puts data, operations, and oversight inside the EU

Amazon has made the AWS European Sovereign Cloud generally available to customers across the European Union, backed by a €7.8 billion investment. According to AWS, the funding will support infrastructure buildout, staffing, and long-term operations, and is expected to drive regional economic activity and job creation over the coming years.

A separate cloud built for EU requirements

The AWS European Sovereign Cloud operates as a distinct cloud environment. Infrastructure, services, and operations are located entirely …

The post AWS European Sovereign Cloud puts data, operations, and oversight inside the EU appeared first on Help Net Security.
http://news.poseidon-us.com/TQMRJX