Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)
June 30, 2025
During security testing, Rapid7 discovered that Konica Minolta bizhub 227 Multifunction printers (MFPs) were vulnerable to a pass-back attack. The affected products identified were: Konica Minolta bizhub MFPs Firmware Version: GCQ-Y3 and earlier This issue has been assigned the following CVEs: CVE-2025-6081: LDAP pass-back vulnerability The Konica Minolta bizhub Multifunction printer (MFP) is an all-in-one enterprise printer designed ...
- Bluetooth security flaw could let hackers spy on your device via microphone
June 30, 2025
Security researchers have uncovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers. The vulnerabilities, they say, can be exploited to eavesdrop on people’s conversations, steal call history and contacts information, and possibly even deploy malware on vulnerable devices. However, exploiting the flaws for these purposes is quite difficult, so practical ...
- Cisco Releases Security Advisory Affecting Cisco Identity Service Engine
June 26, 2025
Cisco has released a security advisory addressing two vulnerabilities, affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) . CVE-2025-20281 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability CVE-2025-20281 is an ‘API unauthenticated remote code execution’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote, unauthenticated attacker to ...
- Active Exploitation of Zero-Day Vulnerability CVE-2025-6543 in NetScaler ADC and NetScaler Gateway
June 26, 2025
Citrix has released a critical security bulletin addressing a vulnerability affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Citrix NetScaler is an all-in-one load balancer, web application firewall (WAF), virtual private network (VPN) gateway and SSL offloading tool for web applications. CVE-2025-6543 is a ‘memory overflow’ vulnerability with a CVSSv4 base score of ...
- Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
June 25, 2025
Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 ...
- Canadian Centre for Cyber Security/FBI: People’s Republic of China cyber threat activity
June 20, 2025
The Canadian Centre for Cyber Security (Cyber Centre) and the United States’ Federal Bureau of Investigation (FBI) are warning Canadians of the threat posed by People’s Republic of China (PRC) state-sponsored cyber threat actor tracked in industry reporting as Salt Typhoon. The Cyber Centre previously joined our partners in warning that PRC cyber actors have compromised ...