Saturday, September 27, 2025

Cisco Confirms Multiple Zero-Days Under Active Attack — Millions of Devices at Risk

Probably the biggest cybersecurity news this week: Cisco has confirmed multiple critical zero-day vulnerabilities across its platforms — and attackers are already exploiting them.

What’s happening:

* Over 2 million Cisco devices potentially exposed.
* SNMP stack overflow: crash devices or run code as root with low-privileged credentials.
* Critical Web Services flaw (CVSS 9+): remote unauthenticated code execution on Cisco Secure Firewalls and low-privileged attacks on IOS devices when VPN or TTP services are enabled.
* CISA Emergency Directive: federal agencies must patch or disconnect Cisco devices within 24 hours — everyone else should act now.
* No workarounds: upgrade immediately and restrict SNMP/Web Services to trusted hosts until patched.

Why it matters: These vulnerabilities are being actively exploited right now — not theoretical. They can lead to total device compromise of routers, switches, ASA, and Firepower systems worldwide.

Take action: Patch, limit exposure, and monitor your logs, metrics, and traces — the hallmarks of observability.

I’m Peter with Plixer — Like and Subscribe to stay ahead of the latest cyber threats.

https://www.darkreading.com/vulnerabilities-threats/cisco-actively-exploited-zero-day-bugs-firewalls-ios
https://arstechnica.com/security/2025/09/as-many-as-2-million-cisco-devices-affected-by-actively-exploited-0-day/
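The "restrict SNMP/Web Services to trusted hosts" step only works if you know which devices are actually being reached from elsewhere. The script below is an added example (not Cisco's or Plixer's code) that audits NetFlow-style records for SNMP (UDP/161) and web-management (TCP/80, TCP/443) traffic to unpatched devices from sources outside a trusted-management subnet. The device list, trusted subnet and flow records are constructed for the demonstration; the output is the per-device list of services that still need an access list or an upgrade.

```python
"""Audit flow records for SNMP and web-management access to network devices
from hosts outside a trusted-management allowlist, so that exposure can be
closed with access lists while the patch is rolled out.

Added example for this post, not Cisco's or Plixer's code. The device list,
trusted subnet and flow records below are constructed for the demonstration.
"""
from ipaddress import ip_address, ip_network

# Constructed: management addresses of devices that still await the patch.
UNPATCHED_DEVICES = {
    "10.10.0.1": "core-rtr-1",
    "10.10.0.2": "asa-edge-1",
    "10.10.0.3": "sw-access-7",
}

# Constructed: the only subnet that should poll SNMP or reach web management.
TRUSTED_MGMT = [ip_network("10.99.0.0/24")]

# (protocol, destination port) pairs that reach the services named in the post:
# SNMP on UDP/161 and the web services on TCP/80 and TCP/443.
WATCHED_SERVICES = {("udp", 161): "snmp", ("tcp", 443): "web", ("tcp", 80): "web"}

# Constructed NetFlow-style records: (src, dst, protocol, dst_port, packets).
SAMPLE_FLOWS = [
    ("10.99.0.10", "10.10.0.1", "udp", 161, 40),    # trusted poller
    ("10.10.5.77", "10.10.0.1", "udp", 161, 3),     # user VLAN host polling SNMP
    ("203.0.113.9", "10.10.0.2", "tcp", 443, 120),  # internet host on ASA web services
    ("10.99.0.11", "10.10.0.3", "tcp", 443, 12),    # trusted admin workstation
    ("10.10.5.77", "10.10.0.3", "tcp", 22, 5),      # SSH, not one of the watched services
    ("10.10.5.77", "10.10.0.9", "udp", 161, 3),     # destination is not an unpatched device
]


def is_trusted(src, trusted=TRUSTED_MGMT):
    """True when the source address falls inside a trusted management subnet."""
    addr = ip_address(src)
    return any(addr in net for net in trusted)


def find_untrusted_access(flows, devices=UNPATCHED_DEVICES, trusted=TRUSTED_MGMT):
    """Return one finding per flow that reaches a watched service on an
    unpatched device from a source outside the trusted subnets."""
    findings = []
    for src, dst, proto, dport, packets in flows:
        service = WATCHED_SERVICES.get((proto, dport))
        if service is None or dst not in devices or is_trusted(src, trusted):
            continue
        findings.append({
            "device": devices[dst], "address": dst,
            "service": service, "source": src, "packets": packets,
        })
    return findings


def exposure_by_device(findings):
    """Collapse findings to: device -> sorted list of exposed services."""
    exposed = {}
    for f in findings:
        exposed.setdefault(f["device"], set()).add(f["service"])
    return {device: sorted(services) for device, services in exposed.items()}


if __name__ == "__main__":
    hits = find_untrusted_access(SAMPLE_FLOWS)
    for f in hits:
        print(f"{f['device']} ({f['address']}): {f['service']} from {f['source']}, {f['packets']} packets")
    print(exposure_by_device(hits))
```

On the constructed sample the audit reports core-rtr-1 receiving SNMP from a user VLAN and asa-edge-1 receiving web-services traffic from the internet; sw-access-7 is only reached from the trusted subnet. Run against real exported flows, the same two functions tell you which devices to prioritise for the upgrade and which sources the interim access lists must exclude.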

Sunday, September 21, 2025

Scattered Spider Hacker Busted by Food Orders & Gaming Accounts

Saturday Security usually focuses on doom and gloom — breaches, leaks, and ransomware. But this week’s story is almost cinematic.

The Scattered Spider hacking crew allegedly extorted $115 million from more than 200 victims — even breaching the U.S. Federal Court network — only to get caught through food deliveries, crypto wallets, and gaming accounts.

According to the Justice Department, 19-year-old Thalha Jubair and his team used help desk calls to hijack admin accounts, steal sensitive data, and lock down entire organizations. Some victims reportedly paid $25 million and $36 million ransoms to regain access.

Investigators traced the group’s activity through cryptocurrency wallets, Uber Eats, and Steam gaming profiles, seizing $36 million in crypto and charging Jubair with over 100 counts of computer intrusion. He now faces up to 95 years in prison.

It’s a wild reminder of how quickly social-engineering hacks can blow up — and how quickly they can unravel.

Hit like and subscribe for more Saturday Security stories that go behind the headlines.

Saturday, September 13, 2025

Vidar Infostealer Strikes Back — Inside the Updated Malware-as-a-Service Threat

The infamous Vidar infostealer is back — and it’s stealthier than ever. First spotted in 2018, Vidar has evolved into a powerful malware-as-a-service platform capable of stealing credentials, cookies, financial data, authentication tokens, and more from compromised systems.

Aryaka’s latest research on Vidar’s newest campaign explains:

• Encrypted command-and-control (C2) channels
• Abuse of built-in Windows tools and PowerShell
• Covert exfiltration and bypass of Windows Defender and AMSI
• Randomized directories, filenames, and hidden scheduled tasks
• Hooks into browser APIs to snatch passwords before encryption

They also cover actionable defenses to protect yourself and your organization: user education, PowerShell hardening, anomaly detection, layered DNS filtering, secure email/web gateways, and EDR tools.

Vidar isn’t going away — but with the right visibility, layered defenses, and Plixer One you can stay one step ahead.

https://www.darkreading.com/endpoint-security/vidar-infostealer-back-with-vengeance
https://siliconangle.com/2025/09/04/vidar-infostealer-gains-traction-among-cybercriminals-ease-use-drives-adoption/

Saturday, September 6, 2025

Salesforce OAuth Breach Exposes Hundreds of Companies | Why Network Visibility Matters

Between August 8–18, attackers weaponized stolen OAuth tokens to silently access Salesforce instances across hundreds of companies, including industry leaders like Palo Alto Networks and Google.

This wasn’t brute force.

🔒 It blended into normal traffic
🛑 Bypassed logs, SIEM rules, and firewalls
📉 Result: customer data stolen, trust broken, supply chains disrupted

The wake-up call? Blind trust in third-party integrations leaves you exposed. That’s why deep, continuous network visibility is no longer optional.

With an Observability and Defense Platform like Plixer One, organizations can:

* Analyze real-time + historical flow data
* Detect anomalies like unusual Salesforce exports
* Spot credential misuse from odd locations
* Trace hidden lateral movement—even if logs are erased

The Salesloft Drift breach proves it: reactive defenses aren’t enough. You need clarity, context, and confidence to stay ahead.

What’s your take—are companies over-trusting third-party integrations? Comment below!

Like | Subscribe | Stay Informed

#Salesforce #Cybersecurity #PlixerOne #DataBreach #SupplyChainSecurity
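Two of the detections listed above, unusual exports and access from odd locations, come down to comparing each integration's current behaviour with its own history. The script below is an added example (not Plixer's or Salesforce's code) that builds a per-integration baseline from historical records and then flags, in a review window, requests from a country the integration has never used and exports more than a chosen multiple above its historical median. The integration names, countries, dates and byte counts are constructed; in a real deployment the same five fields would come from flow data or the tenant's API audit log.

```python
"""Flag anomalous third-party (OAuth integration) activity against a SaaS
tenant using two behavioural checks on per-integration history: a request
from a location the integration has never used, and an export far larger
than the integration's historical median.

Added example for this post, not Plixer's or Salesforce's code. The
integration names, countries, dates and byte counts are constructed; a real
deployment would take the same fields from flow data or the tenant's API
audit log."""
from collections import defaultdict
from statistics import median

# Constructed history: (date, integration_id, src_country, action, bytes_out)
BASELINE_EVENTS = [
    ("2025-07-01", "drift-connector", "US", "query", 2_000_000),
    ("2025-07-08", "drift-connector", "US", "query", 2_400_000),
    ("2025-07-15", "drift-connector", "US", "query", 1_900_000),
    ("2025-07-22", "drift-connector", "US", "query", 2_100_000),
    ("2025-07-01", "billing-sync", "DE", "query", 500_000),
    ("2025-07-15", "billing-sync", "DE", "query", 520_000),
]

# Constructed events in the window under review.
WINDOW_EVENTS = [
    ("2025-08-09", "drift-connector", "US", "query", 2_200_000),        # normal
    ("2025-08-10", "drift-connector", "RU", "bulk_export", 48_000_000), # new location and huge export
    ("2025-08-12", "drift-connector", "US", "bulk_export", 30_000_000), # usual location, abnormal volume
    ("2025-08-11", "billing-sync", "DE", "query", 510_000),             # normal
    ("2025-08-13", "old-reporting-app", "US", "query", 1_000),          # token with no history at all
]


def build_baseline(events):
    """Per integration: the set of countries seen and the median bytes per event."""
    countries = defaultdict(set)
    volumes = defaultdict(list)
    for _date, integration, country, _action, nbytes in events:
        countries[integration].add(country)
        volumes[integration].append(nbytes)
    return {
        i: {"countries": countries[i], "median_bytes": median(volumes[i])}
        for i in countries
    }


def detect_anomalies(events, baseline, volume_factor=5.0):
    """Return (date, integration, reasons) for events that deviate from baseline.

    volume_factor is the multiple of the historical median above which an
    export is reported; 5x is an assumed starting point, not a tuned value."""
    alerts = []
    for date, integration, country, _action, nbytes in events:
        base = baseline.get(integration)
        if base is None:
            # A token acting with no history is itself worth a look.
            alerts.append((date, integration, "no_baseline"))
            continue
        reasons = []
        if country not in base["countries"]:
            reasons.append(f"new_location:{country}")
        ratio = nbytes / base["median_bytes"]
        if ratio > volume_factor:
            reasons.append(f"volume_x{ratio:.0f}")
        if reasons:
            alerts.append((date, integration, ";".join(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(WINDOW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(alert)
```

On the constructed data the review window produces three alerts: the drift-connector export from a new country at roughly 23 times its usual volume, a second export from its usual country at roughly 15 times, and a token with no history at all. Keying the baseline on the integration (token) rather than on the human user is the point: a stolen integration token looks like a legitimate user until its behaviour is compared with that integration's own past.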