Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- PayPal closes loophole that let scammers send real emails with fake purchase notices
December 15, 2025
After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate [email protected] email address. Following reports from people who received emails claiming an automatic payment had been cancelled, BleepingComputer found that cybercriminals were abusing a PayPal feature that allows merchants to pause a customer’s subscription. Read more… Source: Malwarebytes Labs Sign up ...
- Google and Apple roll out emergency security updates after zero-day attacks
December 12, 2025
Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. ...
- CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation
December 10, 2025
Trend Micro researchers have previously published a blog on what organizations need to know about the actively exploited CVE-2025-55182, which is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components (RSC) used in React.js, Next.js, and related frameworks. RSC is a modern architecture where UI components run on the server instead of ...
- Patch Tuesday – December 2025
December 10, 2025
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and a single exploited-in-the-wild vulnerability. Three critical remote code execution (RCE) vulnerabilities are also patched today; Microsoft ...
- Three critical vulnerabilities patched by SAP
December 10, 2025
SAP has released its December cumulative security update, through which it fixed 14 vulnerabilities found in different products. Among them are three critical-severity flaws which should be addressed without delay. The full list of addressed vulnerabilities can be found on this link. The most critical bug fixed this time is a code injection vulnerability discovered in ...
- React2Shell RCE flaw exploited by Chinese hackers hours after disclosure
December 8, 2025
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for the Chinese government. Late last week, the React team published a security advisory detailing a pre-authentication ...