Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject
What is the Vulnerability?A series of critical vulnerabilities affecting leading zero trust platforms – Zscaler, Netskope, and Check Point (Perimeter 81) – have been disclosed following a seven-month research campaign by security researchers David Cash and Richard Warren. These flaws include authentication bypasses, privilege escalation, and hardcoded credentials, significantly weakening the core security assumptions of…
You probably can’t break FIDO authentication. Still, researchers have shown that there are ways to get around it.
Federal funding cuts to the Multi-State Information Sharing and Analysis Center (MS-ISAC) are about to leave more than 18,000 state and local organizations without access to basic cybersecurity resources they need to protect US national security, a letter sent to Congressional appropriators warns.
Organizations increasingly use agents to automate mundane tasks and address an overwhelming amount of sensitive data. However, adoption requires strict security strategies that keep humans in the loop for now.
In this Dark Reading News Desk interview, Google’s Mark Berschadski highlights the critical role browsers play in today’s work environment and how Chrome Enterprise is evolving to meet modern security challenges while enabling productivity.
Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever.
The US National Institute of Standards and Technology updated its Digital Identity Guidelines to match current threats. The document detailed technical recommendations as well as suggestions for organizations.
Two critical N-able vulnerabilities enable local code execution and command injection; they require authentication to exploit, suggesting they wouldn’t be seen at the beginning of an exploit chain.