Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild.
Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system.
It’s worth pointing out that the shortcoming only affects enterprise networking gear that have the

https://thehackernews.com/2023/10/warnin...o-day.html

Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers

A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal.
Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access

https://thehackernews.com/2023/10/expert...cting.html

Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge

Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security. In this article, we will look at the nature of Generative AI fraud, analyze the messaging surrounding these creations,

https://thehackernews.com/2023/10/explor...ative.html

Pro-Israeli Hacktivist Group 'Predatory Sparrow' Reappears

It's been a year since its last communication and attack on Iran — but the conflict with Hamas appears to have reactivated the group.

https://www.darkreading.com/dr-global/pr...-reappears

Name That Toon: Modern Monarchy

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

https://www.darkreading.com/cloud/name-t...n-monarchy

'RomCom' Cyber Campaign Targets Women Political Leaders

A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware.

https://www.darkreading.com/attacks-brea...al-leaders

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

https://www.darkreading.com/vulnerabilit...ve-exploit

Kaspersky Launches Specialized Security Solution for Containerized Environments



https://www.darkreading.com/cloud/kasper...vironments

Malicious 'Airstrike Alert' App Targets Israelis

A spoofed version of the popular RedAlert app collects sensitive user data on Israeli citizens, including contacts, call logs, SMS account details, and more.

https://www.darkreading.com/application-...s-israelis

Security Must Empower AI Developers Now

Enterprises need to create a secure structure for tracking, assessing, and monitoring their growing stable of AI business apps.

https://www.darkreading.com/edge/securit...lopers-now