China-Linked APT Expands Proxy Network With New Malware
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
Stay informed on Cisco security updates, threats, and solutions. Get the latest news and expert insights on Cisco information security developments.
Search across headline titles and summaries.
Background for this topic.
Cisco produces networking devices and software that manage data flow in enterprise and service provider networks, including routers, switches, and firewalls. These components are often central points controlling network traffic and access, making their integrity critical for secure communications and network stability.
Security risks with Cisco equipment commonly arise from firmware vulnerabilities, exposed management interfaces, and configuration errors that attackers can exploit to gain unauthorized access or disrupt services. Timely application of security patches and strict access controls on device management interfaces are essential to reduce exposure. Monitoring network devices for unusual activity also helps detect potential compromises early in environments relying on Cisco infrastructure.
Weekly headline count for the current query.
Cisco Talos said China-linked APT UAT-7810 is growing its proxy relay network with new malware
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
Cisco Talos has detected new tactics from a financially motivated actor using DeadLock ransomware
Cisco Talos has observed overlaps between Kraken and the earlier HelloKitty cartel through attack tactics using SMB flaws for big-game hunting and double extortion
A new Cisco report exposed large language models to multi-turn adversarial attacks with 90% success rates
ToolShell exploit activity surged last quarter, appearing in over 60% of Cisco Talos IR cases and driving a sharp rise in public-facing application attacks
Trend Micro have reported a campaign exploiting a flaw in Cisco SNMP to install Linux rootkits on devices
Cisco Talos has identified a Chinese-speaking cybercrime group that targets high-value Internet Information Services (IIS) for SEO fraud
An attack campaign has been identified which exploits vulnerabilities in Cisco Adaptive Security Appliance software
Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors
Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos
Cisco Talos observed the newly identified group compromise a Taiwanese web hosting provider to conduct a range of malicious activities
Cisco has issued a software update to address the vulnerability, which can allow an unauthenticated, remote attacker to inject arbitrary shell commands
Hackers are actively exploiting two critical flaws in Cisco Identity Services Engine, said the US Cybersecurity and Infrastructure Security Agency