CISA orders federal agencies to patch exploited Cisco flaw by Sunday
Active exploitation of a Cisco Unified Communications Manager vulnerability prompts emergency directive with three-day compliance window for civilian agencies.
The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring federal civilian agencies to patch a vulnerability in Cisco Unified Communications Manager Server by Sunday. The flaw is under active exploitation in the wild.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, a list reserved for flaws with confirmed real-world abuse. The agency's Binding Operational Directive 22-01 mandates that federal civilian executive branch agencies remediate catalog-listed vulnerabilities within prescribed timeframes—in this case, three days from Thursday's announcement.
Cisco Unified Communications Manager is enterprise call-control infrastructure widely deployed across government and corporate networks. The specific vulnerability and attack vector have not been publicly detailed, but CISA's accelerated timeline signals assessed risk of lateral movement or data exfiltration in targeted environments.
- Federal IT teams face weekend deployment of telephony patches under operational pressure.
- Private sector Cisco customers should inventory exposure; no mandate but reputational and legal risk.
- Threat actors may accelerate exploitation before Sunday, anticipating reduced attack surface post-deadline.
Ransomware attack executed entirely by AI agent, researchers report
JadePuffer operation marks what may be the first documented case of a fully autonomous LLM-driven ransomware deployment from reconnaissance to encryption.
Agentic AI Executes Multi-Stage Ransomware Attack via Langflow
Demonstration shows large language model agents autonomously combining exploitation techniques with real-time reasoning to conduct complex intrusions without human intervention.
FortiBleed Attackers Monetize Firewall Access Through Ransomware Partnerships
Actors who compromised thousands of Fortinet devices are now collaborating with Inc and Lynx ransomware groups, adding Nextcloud exploitation to their toolkit.