Cisco ASA
-
Cisco patches maximum-severity flaw in Secure Workload
Cisco has patched a CVSS 10.0 flaw in Secure Workload that could let an unauthenticated remote attacker read sensitive data and make configuration changes. The company said it found the bug during internal testing and has seen no signs of abuse.
-
Cisco patches critical SD-WAN Controller flaw after limited exploitation
Cisco said a critical authentication bypass in Catalyst SD-WAN Controller, CVE-2026-20182, was exploited in limited attacks. The flaw can let a remote attacker gain administrative access and alter SD-WAN network settings.
-
Cisco in advanced talks to buy Axonius for $2 billions
Cisco is in advanced talks to acquire Israeli cybersecurity firm Axonius for $2 billion, according to a Calcalist report. Axonius was previously valued at $2.6 billion and has raised about $700 million.
-
Cisco warns of active exploitation of AsyncOS zero-day by China-nexus APT
Cisco warned that a maximum-severity AsyncOS zero-day (CVE-2025-20393) is being actively exploited by a China-nexus APT, targeting Secure Email Gateway and Secure Email and Web Manager appliances; exploitation requires the Spam Quarantine feature to be exposed to the internet, and Cisco, CISA and other firms have issued mitigations and alerts.
-
CISA orders federal agencies to remediate two exploited Cisco firewall flaws
CISA ordered U.S. federal agencies to remediate two actively exploited Cisco ASA and Firepower vulnerabilities (CVE-2025-20333, CVE-2025-20362), warned that some devices reported as patched remain vulnerable, and added three flaws to its KEV catalog with a December 3, 2025 remediation deadline.
