Cisco discloses data breach affecting cisco.com accounts. Basic profile details were leaked through a vishing attack.
Posted inCybersecurity News

Cisco discloses data breach affecting cisco.com accounts. Basic profile details were leaked through a vishing attack.

Cisco has disclosed a data breach affecting Cisco.com user accounts, revealing that unauthorized actors gained access to basic profile information following a sophisticated voice phishing (vishing) attack. The breach was discovered on July 24, 2025, after cybercriminals deceived a Cisco representative and obtained credentials that allowed them to access a third-party cloud-based Customer Relationship Management (CRM) system used by the company.
CISA issues urgent alert for several actively exploited vulnerabilities targeting Cisco Identity Services Engine.
Posted inCybersecurity News

CISA issues urgent alert for several actively exploited vulnerabilities targeting Cisco Identity Services Engine.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent warning concerning several actively exploited, critical vulnerabilities affecting Cisco’s Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). These security flaws have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following reports of real-world exploitation, putting organizations at significant risk if not promptly addressed.
And we wonder why we have so many zero-days. Cisco says some dolt embedded hardcoded SSH credentials in its widely deployed enterprise communications platforms.
Posted inCybersecurity News

And we wonder why we have so many zero-days. Cisco says some dolt embedded hardcoded SSH credentials in its widely deployed enterprise communications platforms.

Cisco has issued an urgent security advisory regarding a critical vulnerability in its widely deployed enterprise communications platforms, specifically Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability, tracked as CVE-2025-20309, poses a severe risk to organizations due to the presence of hardcoded SSH credentials that could allow attackers to gain full control over affected systems.