Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices

Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into

The Hacker News
#cisco#The Hacker News
Scarcity signals: Are rare activities red flags?

Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones.

Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever

On today’s episode of ‘Uncanny Valley,’ we discuss how WIRED was able to legally 3D-print the same gun allegedly used by Luigi Mangione, and where US law stands on the technology.

Ghosted by a cybercriminal

Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure.

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

GHSA-274q-79q9-52j7: Character injection in Hubble CLI

### Impact A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using [Layer 7 Protocol Visibility](https://docs.cilium.io/en/stable/observability/visibility/#layer-7-protocol-visibility) at the time of the attack. ### Patches This issue affects all versions of Hubble CLI before v1.17.2. The issue is patched in Hubble CLI v1.17.2, via https://github.com/cilium/cilium/pull/37401. ### Workarounds Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor. ### Acknowledgements The Cilium community has worked together with members of Isovalent and the Cisco ASIG team to prepare these mitigations. Special tha...

New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada

Nitrogen, a ransomware strain, has emerged as a major threat to organizations worldwide, with a particular focus on…

Duping Cloud Functions: An emerging serverless attack vector

Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure.

We 3D-Printed Luigi Mangione’s Ghost Gun. It Was Entirely Legal

In the wake of Luigi Mangione’s alleged killing of a health care CEO with a partially 3D-printed pistol, we built the exact same weapon ourselves—and test-fired it.