CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Series of cyber attacks risks sensitive data at New Jersey schools, hospitals
January 30, 2024
Class was canceled Monday across the Freehold Township school district, but not for the familiar January troubles of slushy roads, frozen pipes or a busted boiler. No, this was “a cybersecurity event” that ground school business to a halt. District officials disclosed little about what happened, assuring parents in an email they “retained outside IT expert consultants ...
- Sustainability Business Division of Schneider Electric Responds to Cybersecurity Incident
January 29, 2024
On January 17th, 2024, a ransomware incident affected Schneider Electric Sustainability Business division. The attack has impacted Resource Advisor and other division specific systems. Schneider Electric Global Incident Response team has been immediately mobilized to respond to the attack, contain the incident, and to reinforce existing security measures. Sustainability Business division has informed impacted customers. Read more… Source: ...
- Ukrainian activists launch devastating cyber attack on Russian Space Hydrometeorology Center
January 29, 2024
Ukraine’s Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, known as “planeta” (планета), and wiped 2 petabytes of data. Planeta is a state research center that uses space satellite data and ground sources such as radars and stations to provide information and accurate predictions about weather, climate, natural disasters, extreme ...
- Blackwood APT Group Has a New DLL Loader
January 29, 2024
This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt to install a backdoor for communications monitoring and diversion. It has evasive capabilities and, as of this writing, is targeting companies and ...
- Hacked Microsoft test account was assigned admin privileges
January 27, 2024
The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major gaffe on the company’s part, a researcher said. The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. ...
- The dangers of unused bank accounts and how to close them
January 26, 2024
If you’re like most people, you’ve likely got at least a few unused bank accounts floating around. However, there may be financial and security dangers associated with keeping these unused bank accounts active. Security risks of unused bank accounts Fraud exposure: Unused bank accounts can become targets for fraud. Closing these accounts minimizes the risk. Avoidance of fees: ...

