Cisco has issued a critical update for its Video Surveillance Manager (VSM) appliance to fix a default password vulnerability.If exploited the vulnerability could allow an unauthenticated user to log in using the root account, which has default, static user credentials allowing the attacker to execute arbitrary commands as the root user, Cisco reported. The issue has been patched with VSM version 7.12, which can be downloaded here.The issue, CVE-2018-15427, affects VSM versions 7.10, 7.11, and 7.11.1, but only when the software is preinstalled by Cisco and running on the following Cisco Connected Safety and Security Unified Computing System platforms:
Versa Networks' centralized management and orchestration platform Versa Concerto has been impacted by a trio of serious vulnerabilities, which could be leveraged for authentication evasion and arbitrary code execution, according to BleepingComputer.
Chinese state-backed threat operation UNC5221 has launched attacks exploiting the recently addressed Ivanti Endpoint Manager Mobile flaws, tracked as CVE-2025-4427 and CVE-2025-4428, against telecommunications, healthcare, government, defense, finance, and aviation organizations in North America, Europe, and the Asia-Pacific since May 15, The Hacker News reports.