10 matches found
UAT-4356's Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices' Firepower eXtensible Operating System FXOS. UAT-4356 exploited n-day vulnerabilities CVE-2025-20333 and CVE-2025-20362 to gain unauthorized access to vulnerable devices, where the threat actor deployed their...
CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws
CISA issues an urgent directive for all organizations to patch Cisco ASA and Firepower devices against CVE-2025-20362 and CVE-2025-20333, exploited in the ArcaneDoor campaign. Verify the correct version now!...
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
The U.K. National Cyber Security Centre NCSC has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. "The RayInitiator and LINE...
PT-2025-30603 · Undefined · Undefined
ParsedReport CompletenessLow 22-07-2025 CVE-202553770/TOOLSHELL: HUNTING DOWN THE ATTACKER TECHNIQUES &VICTIMS https://theravenfile.com/2025/07/22/cve-2025-53770-toolshell-hunting-down-the-attacker-techniques-victims/ Report completeness: Low Actors/Campaigns: Arcanedoor Threats: Toolshell vuln...
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced...
Unmasking ArcaneDoor: A Cyber Espionage Surge Against Critical Infrastructure
Discovery of a Digital Breach Even our most sensitive governmental and infrastructural data is not guaranteed safe. A new breach has been uncovered, ominously named "ArcaneDoor." According to HiveForce Labs, this campaign has been meticulously orchestrated with the primary aim of breaching the...
ArcaneDoor a Novel Espionage Campaign Exploits Cisco Zero-Days
...
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...
ArcaneDoor Unlocked: Tackling State-Sponsored Cyber Espionage in Network Perimeters
Cisco recently uncovered a sophisticated cyber espionage campaign, ArcaneDoor, targeting perimeter network devices used by government and critical infrastructure sectors. This campaign involves state-sponsored actors exploiting two zero-day vulnerabilities CVE-2024-20353 and CVE-2024-20359 aimed...
Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms
Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances ASA devices and Cisco Firepower Threat Defense FTD software. A cyber threat actor could exploit vulnerabilities CVE-2024-20353link is external, CVE-2024-20359link is external,...