Australia warns of BadCandy infections on unpatched Cisco devices
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. [...]
Security warnings identify potential threats, unsafe configurations, or urgent weaknesses so organizations can assess risk and take protective action.
Search across headline titles and summaries.
Background for this topic.
Warning is a notification that a security-relevant condition may require attention, such as a newly disclosed vulnerability, suspicious authentication activity, malicious campaign, unsafe configuration, or deceptive message. In security news, the term commonly covers public advisories and threat-intelligence notices as well as operational alerts generated by defensive systems; it does not by itself prove that an attack or compromise has occurred.
Practitioners should assess the warning’s source, affected products or environments, evidence, severity, exploitability, and recommended action. Vulnerability warnings may require identifying exposed assets, applying a fix or mitigation, and checking for exploitation; campaign warnings may provide indicators for detection and investigation. Alerts should be triaged against logs and other evidence, with significant findings routed into incident response. Because attackers can imitate urgent security notices, recipients should verify requests and access instructions through trusted channels, while excessive or poorly tuned alerts can create fatigue and obscure genuinely important signals.
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. [...]
The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. [...]
Google announced today that the Chrome web browser will start warning users by default before connecting to insecure HTTP public websites beginning with Chrome 154 in October 2026. [...]
X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. [...]
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. [...]