CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- There Are Too Many Damn Honeypots
February 2, 2024
Determining the number of internet-facing hosts affected by a new vulnerability is a key factor in determining if it will become a widespread or emergent threat. Are there a lot of hosts affected? Pretty good possibility things are about to pop off. Only a few hosts? Probably less likely. But actually, counting those hosts has become ...
- Former CIA employee sentenced to 40 years in prison after carrying out largest data leak in agency’s history
February 1, 2024
A former CIA employee was sentenced to 40 years in prison after carrying out the largest data leak in the agency’s history, the US Attorney’s Office of the Southern District of New York announced Thursday. Joshua Schulte – who was accused of handing over reams of classified data to WikiLeaks in 2016 – was convicted in ...
- Ukraine says 2,000 computers of state firm were impacted in cyber attack
February 1, 2024
Ukraine’s state computer emergency response team CERT-UA said on Thursday around 2,000 computers had been affected in the recent cyber attack on an unnamed state-run company. “As part of the detailed study of the cyber threat, the obtained malware samples were examined, the peculiarities of the functioning of the infrastructure of control servers were established, and ...
- Volt Typhoon Actors Exploiting Insecure SOHO Routers
January 31, 2024
Threat actors—particularly the People’s Republic of China (PRC)—sponsored Volt Typhoon group—are compromising small office/home office (SOHO) routers by exploiting software defects that manufacturers must eliminate through secure software design and development. Specifically, Volt Typhoon actors are exploiting security defects in SOHO routers to use them as launching pads to further compromise U.S. critical infrastructure entities. CISA ...
- Czech cyber security agency reports record number of attacks in 2023
January 31, 2024
Czechia’s National Cyber and Security Information Agency says it registered a record number of cyber-attacks last year. The state organisation said on its website on Wednesday that it had recorded 262 such attacks in 2023, compared to 146 the previous year. The agency said the increase was mainly due to repeated waves of DDoS attacks led ...
- Hackers obtain confidential information on Romanian officials after cyber attack at Parliament
January 31, 2024
Hackers breached the database of the Romanian Chamber of Deputies, the lower house of the Parliament, after a recent cyber attack. They reportedly managed to obtain confidential information, such as the prime minister’s identity documents, medical analyses, and other personal data. The hackers threatened to release the personal data of the deputies if they did not ...

