Cisco has confirmed that attackers are actively exploiting a vulnerability in Unified Communications Manager that the company patched in early June. The flaw poses a direct threat to organizations still running unpatched versions of the software.
Cisco's confirmation marks the transition of the Unified CM vulnerability from theoretical risk to active exploitation in the wild. The vulnerability, patched during Cisco's June security updates, has now moved beyond proof-of-concept demonstrations to real-world attacks.
Unified Communications Manager is a critical infrastructure component for many enterprises, handling voice, video, and messaging services. The active exploitation underscores the urgency for organizations to apply the available patches immediately.
Cisco has not disclosed specific details about the attack vectors or the scope of current exploitation. However, the company's public confirmation typically indicates sufficient evidence of real-world attacks affecting customer environments.
The timeline between the patch release and exploitation confirmation is consistent with patterns seen for widely-deployed infrastructure software. Attackers routinely analyze patches to identify vulnerabilities and develop exploits once fixes become public.
Organizations running Unified CM should prioritize patching as a critical security task. The vulnerability affects systems that often sit at the core of business communications, making compromises particularly damaging.
Cisco recommends all customers review the security advisory for affected versions and apply patches accordingly. The company has provided guidance for organizations unable to patch immediately, though workarounds are limited for infrastructure of this nature.
The confirmation adds Unified CM to a growing list of enterprise infrastructure facing active exploitation. Administrators should ensure patch deployment protocols are accelerated and that security monitoring is enhanced around Unified CM instances.
Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.
Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.
Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.
Samsung's Health app is warning users that opting out of AI training will result in deletion of their health data. The ultimatum has sparked backlash over privacy and consent practices.