Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco fixed critical and high-severity flaws

Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information. One of these critical flaws is CVE-2026-20093 (CVSS score of […]

Cisco Catalyst

Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data.

Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate privileges, and access sensitive information.

One of these critical flaws is CVE-2026-20093 (CVSS score of 9.8), a flaw in Cisco IMC that lets a remote attacker bypass authentication via a crafted HTTP request. An attacker could change user passwords, including admin, and gain full system access.

Cisco Integrated Management Controller (IMC) is a built-in management system used on Cisco servers. IMC lets administrators control and monitor a server remotely, even if the operating system is off or not working.

Cisco also patched a critical SSM On-Prem flaw, tracked as CVE-2026-20160 (CVSS score of 9.8) that allowed unauthenticated attackers to run commands on the host OS with root privileges via a crafted API request.

Cisco’s PSIRT is not aware of exploits or proof-of-concept code for these vulnerabilities, however the networking giant strongly advises customers to update to the patched software.

In March, the company fixed a critical RCE zero-day, tracked as CVE-2026-20131 (CVSS score of 10.0), in Secure Firewall FMC, exploited by Interlock ransomware. US CISA ordered federal agencies to patch within three days. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CIMC)