Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks
May 26, 2026
A critical-severity vulnerability that reportedly was patched three months ago is being exploited in a massive ClickFix campaign, researchers have claimed. In mid-February 2026, a critical SQL injection vulnerability was found in Ghost CMS, a popular open-source Content Management System (CMS) currently used by more than 57,000 websites, including the likes of 404 Media, The Canadian ...
- Industrial robots targeted by malware, which could open them up to hacking
May 25, 2026
A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system whucg powers the company’s collaborative robots. The flaw, tracked as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1. This vulnerability could lead to complete compromise of the robot controller, affecting the confidentiality, integrity, and availability ...
- Another major Linux security flaw revealed — nine-year old issue could spell disaster for users
May 23, 2026
Security researchers Qualys discovered a major flaw in the Linux operating system (OS) that could let any ordinary user, or malicious actor, gain full admin access on vulnerable endpoints. This bug lingered in Linux systems since 2016, and affects the default installations of several major distributions, including Red Hat, SUSE, Debian, Fedora, AlmaLinux, CloudLinux, and others. Read more… Source: TechRadar News Sign up ...
- Update Chrome now: Critical bugs could let attackers run code
May 22, 2026
Google has issued updates for the Chrome browser patching a number of high‑severity vulnerabilities. The update includes fixes for two critical vulnerabilities that can be used for remote code execution just by visiting a malicious website. The stable channel has been updated to 148.0.7778.178/179 for Windows/Mac and 148.0.7778.178 for Linux, which will roll out over the coming weeks. Read more… Source: ...
- Key Microsoft legacy tool is still being abused to launch malware campaigns
May 21, 2026
Cybercriminals are increasingly using a legitimate legacy Windows tool to deploy infostealers and loader malware, researchers are saying. A new Bitdefender report has claimed that since the start of 2026, there’s been an uptick in activity related to a Windows utility called Microsoft HTML Application Host (MSHTA), a legitimate utility that runs special HTML-based application files known as HTAs. Read more… Source: ...
- NGINX Rift attackers waste no time targeting exposed servers
May 18, 2026
Exploit attempts are already hammering a newly disclosed NGINX bug dubbed “NGINX Rift,” proving once again that attackers read patch notes faster than most admins. Researchers at VulnCheck said they are seeing active exploitation tied to CVE-2026-42945, a heap buffer overflow flaw affecting both NGINX Open Source and NGINX Plus that was disclosed last week after apparently sitting ...