Cisco has confirmed that attackers are actively exploiting a vulnerability in Unified Communications Manager that the company patched in early June. The flaw poses a direct threat to organizations still running unpatched versions of the software.
Cisco's confirmation marks the transition of the Unified CM vulnerability from theoretical risk to active exploitation in the wild. The vulnerability, patched during Cisco's June security updates, has now moved beyond proof-of-concept demonstrations to real-world attacks.
Unified Communications Manager is a critical infrastructure component for many enterprises, handling voice, video, and messaging services. The active exploitation underscores the urgency for organizations to apply the available patches immediately.
Cisco has not disclosed specific details about the attack vectors or the scope of current exploitation. However, the company's public confirmation typically indicates sufficient evidence of real-world attacks affecting customer environments.
The timeline between the patch release and exploitation confirmation is consistent with patterns seen for widely-deployed infrastructure software. Attackers routinely analyze patches to identify vulnerabilities and develop exploits once fixes become public.
Organizations running Unified CM should prioritize patching as a critical security task. The vulnerability affects systems that often sit at the core of business communications, making compromises particularly damaging.
Cisco recommends all customers review the security advisory for affected versions and apply patches accordingly. The company has provided guidance for organizations unable to patch immediately, though workarounds are limited for infrastructure of this nature.
The confirmation adds Unified CM to a growing list of enterprise infrastructure facing active exploitation. Administrators should ensure patch deployment protocols are accelerated and that security monitoring is enhanced around Unified CM instances.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.