
CISA sets a June 28 deadline for two critical exploited vulnerabilities

bleepingcomputer.com · @eager_condor · 4 hours ago · Cybersecurity · 4 comments

CISA orders federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager and CVE-2026-12569 in PTC Windchill before Sunday, as both are under active attack.

Tags: cisa, cisco, ptc, cve-2026-20230, cve-2026-12569, vulnerability management

CISA just gave federal agencies until Sunday to patch two critical vulnerabilities that are already being exploited in the wild. The deadlines are set for June 28 under Binding Operational Directive 26-04, and there is zero room for delay.

Cisco UC Manager SSRF Under Active Exploitation

The first target is CVE-2026-20230, a server-side request forgery (SSRF) flaw in Cisco Unified Communications Manager Server. Cisco rated it critical and released a patch on June 3, warning it could be exploited remotely without authentication via specially crafted HTTP requests. At the time, Cisco had a proof-of-concept exploit but no evidence of live attacks. That changed last weekend when threat detection startup Defused observed attackers using CVE-2026-20230 to write arbitrary text files to affected endpoints. Who is behind these attacks? No attribution yet, but the clock is ticking.

Critical RCE in PTC Windchill and FlexPLM

CISA also added CVE-2026-12569 to its Known Exploited Vulnerabilities (KEV) catalog. This is a critical-severity remote code execution bug that relies on deserialization of untrusted data. It hits PTC Windchill and FlexPLM, product lifecycle management systems used across manufacturing, engineering, retail, and apparel industries. PTC disclosed the flaw on June 18 and pushed out security advisories for all affected versions up to 11.0 and multiple releases in the 11.1, 11.2, 12.0, 12.1, and 13.0 branches. If you run any of those, you need to patch yesterday.

The Bottom Line for Teams Under BOD 26-04

Federal agencies bound by the directive have exactly two days to apply patches or stop using the affected products. Organizations outside the federal government should treat this as a signal: both vulnerabilities are being chained in real attacks. Security teams logging only 14% of alerts need to test their detection layers before attackers do. The Picus whitepaper linked in the original article covers how breach and attack simulation can validate SIEM and EDR rules, but the immediate action is simple: patch CVE-2026-20230 and CVE-2026-12569 now. Expect more KEV additions as CISA tightens the screw on unpatched systems.
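A practical way to turn KEV additions into a dated to-do list is to read the catalog feed and match it against the vendors you actually run. The script below is an added example, not code from the article or from CISA: it parses a constructed sample that mirrors the field names of the public KEV JSON feed, keeps only entries for deployed vendors, and reports how many days remain before each CISA due date. Only the two CVE IDs, the products and the 2026-06-28 due date come from the article; the dateAdded values, the third entry and the deployed-vendor set are made up.

```python
import json
from datetime import date

# Constructed sample using the field names of CISA's KEV feed
# (known_exploited_vulnerabilities.json). Dates other than dueDate and the
# third entry are filler, not real catalog data.
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-20230", "vendorProject": "Cisco",
     "product": "Unified Communications Manager",
     "dateAdded": "2026-06-26", "dueDate": "2026-06-28"},
    {"cveID": "CVE-2026-12569", "vendorProject": "PTC",
     "product": "Windchill and FlexPLM",
     "dateAdded": "2026-06-26", "dueDate": "2026-06-28"},
    {"cveID": "CVE-2026-00000", "vendorProject": "ExampleVendor",
     "product": "ExampleProduct",
     "dateAdded": "2026-06-20", "dueDate": "2026-07-11"},
]})


def load_kev(text):
    """Parse KEV feed text into its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def triage(records, deployed, today_iso):
    """Return KEV entries whose vendorProject is in `deployed` (a set of vendor
    names we run; constructed for this example), earliest due date first.
    days_left is negative once CISA's due date has passed."""
    today = date.fromisoformat(today_iso)
    hits = []
    for rec in records:
        if rec["vendorProject"] not in deployed:
            continue
        due = date.fromisoformat(rec["dueDate"])
        hits.append({"cve": rec["cveID"], "product": rec["product"],
                     "due": rec["dueDate"], "days_left": (due - today).days})
    return sorted(hits, key=lambda h: h["days_left"])


if __name__ == "__main__":
    # Hypothetical estate running Cisco and PTC products, checked on 2026-06-26.
    for h in triage(load_kev(SAMPLE_KEV), {"Cisco", "PTC"}, "2026-06-26"):
        flag = "OVERDUE" if h["days_left"] < 0 else f"{h['days_left']}d left"
        print(f"{h['cve']:16} {h['product']:32} due {h['due']} ({flag})")
```

Against the live feed, replace SAMPLE_KEV with the downloaded catalog text and the deployed set with your asset inventory; the filtering and due-date math stay the same.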


Source: CISA sets urgent deadline to fix Cisco flaw exploited in attacks
Domain: bleepingcomputer.com

