The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set an urgent Sunday deadline for federal agencies to patch a critical vulnerability in Cisco Unified Communications Manager Server that attackers are actively exploiting.
CISA issued the directive after discovering active exploitation of the Cisco flaw in federal networks. The vulnerability poses a significant risk to government infrastructure and communications systems, prompting the agency to mandate immediate remediation across all federal agencies.
The Cisco Unified Communications Manager Server vulnerability allows attackers to compromise systems and potentially gain unauthorized access to sensitive communications. Federal agencies that fail to apply patches by the deadline face potential consequences and increased security risk exposure.
CISA regularly identifies and tracks vulnerabilities being exploited in the wild, publishing emergency directives when threats pose immediate danger to critical infrastructure. This latest order reflects the severity of the Cisco flaw and the active threat landscape.
Cisco has released patches to address the vulnerability. Federal agencies are expected to prioritize deployment across their networks, including any systems running affected versions of the Unified Communications Manager Server.
The deadline underscores CISA's role in coordinating cybersecurity defenses across federal systems. Emergency patching directives are reserved for vulnerabilities with demonstrated exploitation or those affecting critical infrastructure.
Organizations outside the federal government are also advised to apply available patches. Private sector entities managing communications infrastructure should treat this vulnerability with similar urgency.
CISA continues monitoring the threat landscape and tracks known exploited vulnerabilities through its Known Exploited Vulnerabilities Catalog. Agencies and organizations can reference this resource for guidance on remediation priorities and timelines.
The FBI is alerting the public to fraudulent websites impersonating FIFA ahead of the 2026 World Cup. The scam sites aim to steal personal and financial data, sell counterfeit tickets and hospitality packages, and execute related fraud schemes.
A newly discovered Windows zero-day vulnerability called LegacyHive allows attackers to escalate privileges on fully updated systems. The exploit was released by security researcher Nightmare Eclipse.
A new Android remote access trojan called BTMOB is being offered as a service to cybercriminals, complete with a builder interface for generating tailored malware payloads designed for phishing campaigns.
U.S. prosecutors charged a New York man and woman Thursday for laundering money stolen through cyber investment fraud scams. The charges mark a significant enforcement action against a large-scale criminal operation.