FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

August 20, 2025
No Comments

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks.
Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing

Leave a Reply Cancel reply

Britain Drops Apple ‘Backdoor’ Demand After U.S. Pushback August 20, 2025
Britain has abandoned its demand that Apple build a “backdoor” into its encryption systems. The change follows months of quiet talks between London and Washington, Reuters reports. In a statement posted on X, U.S. Director of National Intelligence Tulsi Gabbard, said: “As a result, the UK has agreed to drop its mandate for Apple to […]
Kirsten Doyle
Colt Technology Services Battles Cyberattack, Faces Ongoing Outage August 20, 2025
Colt Technology Services has been dealing with a cyberattack that has disrupted parts of its business for more than a week. The UK-based telecommunications firm, which operates in 30 countries and runs nearly 50,000 miles of fiber connecting 900 data centers, confirmed that several internal support systems remain offline. The incident began on 12 August, […]
Kirsten Doyle
AI is a Security Analyst’s Copilot, Not a Replacement August 19, 2025
AI has fundamentally changed cybersecurity. Even the most primitive attackers are now capable of launching attacks at an unprecedented speed, frequency, and level of sophistication. As a result, defenders are under more pressure than ever. Often, when we talk about AI, we talk about its potential to put people out of work. This is perhaps […]
Josh Breaker Rolfe
Workday Confirms Data Breach After Social-Engineering Attack on Third‑Party CRM August 19, 2025
Workday, a cloud-based platform used for human capital managment and financial management, has disclosed a data breach after attackers gained access to a third-party CRM platform in a recent social engineering attack. The company said bad actors contacted employees by text or phone, pretending to be from HR or IT. Their goal was to fool […]
Kirsten Doyle
SAP NetWeaver: CVE-2025-31324 Now Exploitable at Scale August 19, 2025
In April 2025, SAP patched a critical vulnerability in NetWeaver AS Java Visual Composer. The flaw, tracked as CVE-2025-31324, allows unauthenticated remote code execution through the Visual Composer “metadata uploader” endpoint. Within weeks, proof-of-concept code appeared in public forums. Now, the exploit is no longer theoretical. Full tooling has been released. Source code is out […]
Kirsten Doyle
UK Businesses Hit by Wave of Breaches Caused by Insecure Code August 19, 2025
A new survey has revealed the extent to which poor coding practices are leaving UK businesses exposed. Two-thirds of senior technology leaders admitted their organisations suffered at least one breach or serious security incident in the past year. The common cause: insecure code. SecureFlag’s research found that of the 100 executives surveyed, nearly half reported […]
Kirsten Doyle
Massive PayPal Credential Dump Surfaces on Dark Web Forums August 19, 2025
A threat actor is selling secrets. Big ones. Operating under the alias Chucky_BF, the attacker has surfaced on underground forums with a staggering claim: over 15.8 million PayPal credentials for sale. The haul includes email addresses, plaintext passwords, and direct URLs to PayPal services. It’s being marketed as the “Global PayPal Credential Dump 2025.” Hackread […]
Kirsten Doyle
KawaLocker Ransomware Emerges in New Attack August 18, 2025
Huntress analysts have tracked a fresh ransomware incident involving KawaLocker, also known as KAWA4096. The variant is new, but the method is familiar. Attackers gained access, disabled defenses, and moved to encrypt files. Ransomware families surface often. A year ago, Huntress reported on ReadText34. Just last month, a never-before-seen strain called Crux appeared. KawaLocker joins […]
Kirsten Doyle
Managing Third-Party Security Risks in Education August 15, 2025
In December 2024, PowerSchool — one of North America’s most widely used student information systems — disclosed a breach that affected millions of students and educators. Hackers gained access using a compromised password and remained undetected for nine days, exposing sensitive personal information, including Social Security numbers and medical histories. This wasn’t just a system […]
Zac Amos
Canadian Parliament Hit by Cyberattack, Investigation Underway August 15, 2025
The House of Commons and Canada’s cybersecurity agency are investigating a significant breach of parliamentary employee data, CBC News reports. An internal email to CBC staff on Monday 11 August said a malicious actor exploited a recent Microsoft vulnerability to gain unauthorized access to a database used to manage computers and mobile devices. The data […]
Kirsten Doyle

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Share :

Leave a Reply Cancel reply