CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian state TV ‘hit by cyber attack’ during Putin’s speech
February 21, 2023
Russian state TV stations have reportedly been hit by a cyber attack as Vladimir Putin delivered a keynote speech on the Ukraine war. State media websites broadcasting the State of the Nation address suffered an outage on Tuesday morning. Read more… Source: The Independent
- 2022 in review: DDoS attack trends and insights
February 21, 2023
As organizations strengthen their defenses and take a more proactive approach to protection, attackers are adapting their techniques and increasing the sophistication of their operations. Cybercrime continues to rise with the industrialization of the cybercrime economy providing cybercriminals with greater access to tools and infrastructure. In the first half of 2022, the cyberthreat landscape was focused ...
- A Deep Dive into the Evolution of Ransomware Part 1
February 21, 2023
Ransomware has become a notorious and damaging form of malware, inflicting financial losses on enterprises, governments, healthcare organizations and core infrastructure. Ransomware has been a very profitable activity for malicious actors. However, we want to investigate what would cause changes in this business model—both in the far future and near future. Trend Micro team conducted comprehensive ...
- In Review: What GPT-3 Taught ChatGPT in a Year
February 21, 2023
More than a year since the world’s general enthusiasm for the then-novel GPT-3, we took a closer look at the technology and analyzed its actual capabilities and potential for threats and malfeasance. Trend Micro considerations were collected in our Codex Exposed blog series as it focused on the most prominent aspects of the technology from a ...
- DNA testing biz vows to improve infosec after criminals break into database it didn’t know it had
February 20, 2023
A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old “legacy” database the company forgot it had. The genetic testing firm, DNA Diagnostics Center (DDC) reached a settlement deal with ...
- Royal Ransomware expands attacks by targeting Linux ESXi servers
February 20, 2023
Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Trend Micro predicted in September 2022 that ransomware groups will would increasingly target Linux servers and embedded systems in the coming years after detecting a double-digit year-on-year (YoY) increase in attacks on these systems in the first half of 2022. In May ...

