As many as 2 million Cisco devices affected by actively exploited 0-day

Source: Ars Technica

TL;DR (AI Generated)

A zero-day vulnerability affecting up to 2 million Cisco devices has been actively exploited, allowing attackers to remotely crash or execute code on vulnerable systems. The vulnerability, identified as CVE-2025-20352, exists in all supported versions of Cisco IOS and Cisco IOS XE, posing a risk to various networking devices. It can be leveraged by low-privileged users for denial-of-service attacks or by higher-privileged users to run code with root privileges. Cisco advises customers to upgrade to a patched software release to address this issue, which has a severity rating of 7.7 out of 10.

Similar Articles

Anthropic's Model Context Protocol includes a critical remote code execution vulnerability — newly discovered exploit puts 200,000 AI servers at risk

Security researchers discovered a critical remote code execution vulnerability in Anthropic's Model Context Protocol (MCP), affecting SDKs in Python, TypeScript, Java, and Rust. This flaw puts up to 200,000 AI servers at risk across a supply chain with over 150 million downloads. Despite the exposure, Anthropic has declined to patch the protocol, stating that the behavior was expected. OX Security's research team identified multiple exploitation methods and recommended protocol-level fixes to Anthropic, which were reportedly declined. The vulnerability comes shortly after Anthropic launched Claude Mythos, a model aimed at identifying security vulnerabilities in other software, prompting calls for the company to address its own infrastructure vulnerabilities.

Tom's Hardware
Iran claims US exploited networking equipment backdoors during strikes — says devices from Cisco and others failed despite blackout in attack that 'indicates deep sabotage'

Iran has accused the U.S. of exploiting networking equipment backdoors from Cisco, Juniper, Fortinet, and MikroTik during military operations against Iran. The Iranian media claims that these devices failed during the attacks despite Iran being disconnected from the global Internet, suggesting deep sabotage. While these claims are unverified, the U.S. has confirmed conducting cyber operations against Iran's communications infrastructure. The vendors named by Iran have had past security issues, with examples like NSA intercepting Cisco routers for surveillance implants and Juniper finding unauthorized code in its firmware. Chinese state media has supported Iran's claims, linking them to American backdoors in networking hardware.

Tom's Hardware
Ultra Ethernet Security (UET‑TSS) Tailored For AI And HPC

The article discusses the development of Ultra Ethernet Security (UET‑TSS) tailored for AI and HPC systems. Traditional Ethernet security mechanisms were not designed for the scaling and trust assumptions of next‑generation networks supporting AI and high‑performance computing (HPC). The Ultra Ethernet Consortium (UEC) introduced the Ultra Ethernet Specification 1.0 to define a new Ethernet‑based transport protocol for AI and HPC networks, focusing on security as a key architectural concern. The Ultra Ethernet Transport Security Sub‑layer (UET‑TSS) was created to address the security challenges posed by the architectural shift in AI/HPC clusters. Rambus introduced two new solutions, UET-TSS-IP-69 and UET-TSS-IP-369, to secure UET transport protocol with TSS for SmartNICs and NIC chiplets.

SemiEngineering
DDoS scrubbing service ironic target of massive attack it was built to prevent — hit with 1.5 billion packets per second from more than 11,000 distributed networks

A DDoS scrubbing service was hit by a massive DDoS attack, receiving 1.5 billion packets per second from over 11,000 distributed networks. FastNetMon, a defensive firm, helped mitigate the attack, emphasizing the need for ISP-level support against such attacks. DDoS scrubbing is a defense mechanism that filters traffic to distinguish legitimate users from malicious sources. While this attack was successfully defended, it highlights the growing threat of DDoS attacks and the need for stronger anti-DDoS measures and regulations.

Tom's Hardware
