Aggregated from vendor advisories, security research, and industry publications.
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a server-side request forgery.
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator,…
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]
The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks. The post Cisco Warns of Available PoC for Critical Unified …
Particle entanglement, superposition and teleportation are key concepts in quantum physics. Einstein famously dismissed such phenomena as “spooky action at a distance.” Quantum …
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, po…
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthentic…
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco…
As is typical of Cisco, the company made several product announcements at its flagship event, Cisco Live. The most significant product announcement is Cisco Cloud Control, which re…
Meanwhile, Anthropic adds 150 partners to Project Glasswing
For much of the past decade, enterprise networking was something the industry tried to abstract away. Cloud-first architectures commoditized switching and routing, burying them und…
Cisco built the networking infrastructure that underpins the internet and the cloud. At Cisco Live this week, the company is making its case to hold that same position as enterpris…
Take a Network Break! We start with listener followup and a red alert affecting ScadaBR, an open source SCADA controller. On the news front, Forward adds predictive testing to its…
Enterprises deploying closed AI models have generally relied on published safety benchmarks to assess risk before procurement and deployment decisions. New research from Cisco’s AI…
Hardened version of open-source NOS coming to Nexus 9000s
Cisco is revamping its flagship Cisco Certified Network Associate (CCNA) certification for the first time in seven years, adding a new AI literacy pillar, more hands-on lab require…
AI agents generate up to 450% more network traffic than humans can, and they’re beginning to reshape network traffic patterns in measurable ways. Enterprise network traffic wit…
You’ll need a lot of detailed prompts to get solid output - and even then it may have errors and typos
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked …
A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling the…
Cisco is reshaping its certification portfolio to reflect an AI-first world, with major updates to CCNA and CCIE that explicitly bake AI, automation, and “human skills” into the le…
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. [...]
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in …
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode coul…
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges…
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operatin…
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on b…
Eighty-five percent of organizations have experienced at least one wireless security incident in the last 12 months, while 58% have suffered financial losses, with half of them tal…
Take a Network Break! In this week’s Red Alert we suggest an audit of your Azure environment after Microsoft says it patched four critical vulnerabilities. On the news front, Nvidi…