Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
April 6, 2026
The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, ...
- Apple expands “DarkSword” patches to iOS 18.7.7
April 2, 2026
Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit. After researchers published their findings about the DarkSword attacks and an exploit kit abusing the vulnerabilities appeared on GitHub, Apple quietly updated its March 24 ...
- Gigabyte warns users Control Center flaw could let hackers hijack your files
April 1, 2026
GIGABYTE Control Center, a Windows utility which comes preloaded with certain computers, carried a critical-severity vulnerability that allowed malicious actors to access files, run code, and trigger denial-of-service conditions on affected devices. The bug has now been addressed and users are advised to patch up without delay. GIGABYTE is a major hardware manufacturer known for, among ...
- Coruna: the framework used in Operation Triangulation
March 26, 2026
On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used by other attackers in watering-hole attacks in Ukraine and in financially motivated ...
- CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read
March 23, 2026
On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance’s ...
- CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
March 20, 2026
Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an Information Disclosure flaw (CVE-2026-31381) and a Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-31382). By chaining these vulnerabilities, an attacker can move from passive information gathering to active client-side exploitation. The XSS ...