Cisco: Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. [...]
Stay informed on Cisco security updates, threats, and solutions. Get the latest news and expert insights on Cisco information security developments.
Search across headline titles and summaries.
Background for this topic.
Cisco produces networking devices and software that manage data flow in enterprise and service provider networks, including routers, switches, and firewalls. These components are often central points controlling network traffic and access, making their integrity critical for secure communications and network stability.
Security risks with Cisco equipment commonly arise from firmware vulnerabilities, exposed management interfaces, and configuration errors that attackers can exploit to gain unauthorized access or disrupt services. Timely application of security patches and strict access controls on device management interfaces are essential to reduce exposure. Monitoring network devices for unusual activity also helps detect potential compromises early in environments relying on Cisco infrastructure.
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. [...]
Plus 2 new critical vulns - patch now Cisco warned customers about another wave of attacks against its firewalls, which have been battered by intruders for at least six months. It also patched two critical bugs in its Unified Contact Center Express (UCCX) software that aren't under active exploitation - yet.…
Adversarial Success Rates Jump Tenfold in Longer AI Chats, Finds CiscoOpen-weight language models can say "no" only for so long. Their safety filters break down when pushed through longer conversations, exposing flaws that one-shot tests fail to catch, found researchers at Cisco. The longer a user engages, the higher the probability of failure.
A new Cisco report exposed large language models to multi-turn adversarial attacks with 90% success rates
Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362
Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. [...]
Devices Unpatched Since October 2023 Are VulnerableThe Australian cyber defense agency warned that hackers are attacking unpatched Cisco IOS XE enterprise devices to leave behind a web shell the networking manufacturer calls "BadCandy." At least 150 Cisco devices in Australia carry the implant as of late October.
PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more Infosec in brief Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect deletion of their wares and reinstall their malware.…