CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 20 million Cutout.Pro AI service users hit by massive data breach
March 2, 2024
AI-powered photo and video editing platform Cutout.Pro has become the latest victim to what has turned out to be a pretty sizeable data breach. Personal information relating to as many as 20 million users, including email addresses, hashed and salted passwords, IP addresses, and names has been exposed, prompting significant privacy and security concerns. Read more… Source: MSN ...
- LockBit cyberattack: Fulton County refuses to pay ransom as deadline passes
March 1, 2024
Fulton County leaders say they have not paid any ransom to the criminal group claiming responsibility for the cyberattack that affected several of the county’s agencies. The group LockBit had set a deadline of 8:49 a.m. on Thursday for Fulton County to pay the ransom or risk having stolen data leaked onto the dark web. This ...
- US prescription market hamstrung for 9 days (so far) by ransomware attack
March 1, 2024
Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving. On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary, Optum. ...
- Here Come the AI Worms
March 1, 2024
In a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers have created one of what they claim are the first generative AI worms—which can spread from one system to another, potentially stealing data or deploying malware in the process. “It basically means that now you have the ability to conduct or ...
- Malicious meeting invite fix targets Mac users
March 1, 2024
Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine. Cybersecurity expert Brian Krebs investigated and flagged the issue. Scammers, impersonating ...
- Hackers stole ‘sensitive’ data from Taiwan telecom giant
March 1, 2024
Hackers stole “sensitive information” including military and government documents from Taiwan’s largest telecom company and sold it on the dark web, the island’s ministry of national defence has said. The confirmation of the democratic island’s latest major data leak followed a report by local news channel TVBS on the hack of telecom giant Chunghwa Telecom. Read more… Source: ...

