CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Palo Alto Networks gateways facing huge number of possible security attacks
April 2, 2025
Someone may be getting ready to attack Palo Alto Network devices, security researchers are warning after spotting a rise in activity. Analysts from GreyNoise said they observed a “significant surge” in login scanning activity against the company’s PAN-OS GlobalProtect portals, with almost 24,000 unique IP addresses attempting to access these portals in March 2025. “The pattern ...
- TookPS: DeepSeek isn’t the only game in town
April 2, 2025
In early March, we published a study detailing several malicious campaigns that exploited the popular DeepSeek LLM as a lure. Subsequent telemetry analysis indicated that the TookPS downloader, a malware strain detailed in the article, was not limited to mimicking neural networks. Kaspersky researchers identified fraudulent websites mimic official sources for remote desktop and 3D modeling ...
- Security firm Check Point confirms data breach, but says users have nothing to worry about
April 1, 2025
A hacker is claiming to have stolen a “highly sensitive” dataset from Check Point – but the company is looking to play down any concerns users might have. The cybercriminal, going by the name of CoreInjection, posted about the dataset of compromised Check Point files on a cybercrime forum – and alleges that the information contains ...
- Someone is trying to recruit security researchers in bizarre hacking campaign
April 1, 2025
Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month? Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the ...
- UK: Man charged after cyber attack saw terror messages displayed at train stations
April 1, 2025
A man has been charged after a cyber attack saw terror messages displayed across screens at Scotland’s busiest train stations. British Transport Police received multiple reports of a cyber security incident affecting Network Rail Wi-Fi services, provided by a third party, that displayed imagery “intended to incite religious hatred” on September 25, 2024. Network Rail said ...
- GCHQ worker admits taking top secret data home
March 31, 2025
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing ...

