CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- OpenAI Data Breach Exposes User Data
December 1, 2025
A few days ago, on November 26th, right before Thanksgiving, OpenAI, the maker of ChatGPT, confirmed a recent security breach incident that started towards the beginning of November, which impacted its users, specifically those connected through OpenAI’s APIs. What caused the data breach? “On November 9, 2025, Mixpanel became aware of an attacker that gained unauthorized ...
- South Korea cyber crisis deepens as Coupang data leak exposes national vulnerabilities
December 1, 2025
An investigation is under way into the cause of the breach. The leak raised concerns about phishing attempts targeting customers. Telecom, payments and crypto firms also reported recent breaches. A major data breach at South Korea’s biggest e-retailer has intensified concerns about the country’s digital preparedness, with the latest incident now seen as part of a ...
- Thousands of Airbus planes grounded after faulty software detected
November 29, 2025
Airlines around the world have been forced to ground thousands of Airbus planes following the discovery of a software problem which may have contributed to a sudden drop in the altitude of a plane last month, injuring 15 people. Around 6,000 A320 planes are thought to be affected, delaying and cancelling flights over the weekend. Airbus ...
- Tomiris wreaks Havoc: New tools and techniques of the APT group
November 28, 2025
While tracking the activities of the Tomiris threat actor, Kaspersky researchers identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic infrastructure. In several cases, Kaspersky traced the threat actor’s actions from initial infection to the deployment of post-exploitation ...
- Organised crime online: How Europol disrupts cybercrime
November 27, 2025
How does Europol target cybercrime networks? Investigate phishing-as-a-service platforms? Or help tackle child sexual exploitation? This publication, presented at the Committee on Civil Liberties, Justice and Home Affairs Ordinary (LIBE), provides a general overview on how Europol disrupts cybercrime, taking the key insights from the Internet Organised Crime Threat Assessment (IOCTA) and EU Serious and Organised ...
- The Golden Scale: ‘Tis the Season for Unwanted Gifts
November 26, 2025
In October 2025, we published two Insights blogs on threat activity affiliated with the cybercriminal alliance known as Scattered LAPSUS$ Hunters (SLSH). After a few weeks of apparent inactivity, the threat actors have returned with a vengeance based on open-source reporting and conversations obtained from a new Telegram channel (scattered LAPSUS$ hunters part 7). This latest ...