Qilin
Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog.
The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must:
For detailed guidance, including additional actions tailored to each agency’s status, refer to the full Emergency Directive ED 25-03.
The following associated resources are available to assist agencies.
Although ED 25-03 and the associated supplemental guidance are directed to federal agencies, CISA urges all public and private sector organizations to review the Emergency Directive and associated resources and take steps to mitigate these vulnerabilities.
CISA released one Industrial Control Systems (ICS) advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate Windows processes. Initial sightings trace back to late July 2025, when intrusion attempts against government […]
The post COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH appeared first on Cyber Security News.
In July 2024, Recorded Future’s Insikt Group publicly exposed TAG-100, a cyber-espionage campaign leveraging the Go-based backdoor Pantegana against high-profile government, intergovernmental and private organizations worldwide. New evidence now attributes TAG-100 to a Chinese state-sponsored threat actor, designated RedNovember. Between June 2024 and July 2025, RedNovember—overlapping with Storm-2077—has expanded its operations to target perimeter appliances […]
The post RedNovember Hackers Targeting Government and Tech Organizations to Install Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication controls or access sensitive data. The flaw originates from the software’s failure to properly verify whether a required TACACS+ shared secret is configured, creating a window for machine-in-the-middle (MitM) […]
The post Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data appeared first on Cyber Security News.
A recent wave of sophisticated phishing attacks has targeted developers and startups by impersonating Y Combinator through GitHub notifications. Victims are being tricked into believing they’ve been selected for startup funding, only to face financial theft via fake verification schemes. This incident spotlights the new tactics phishers use to exploit trusted online platforms and reputable […]
The post Hackers Use GitHub Notifications to Impersonate Y Combinator and Steal Wallet Funds appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.