Threat actors targeted a remote code execution vulnerability (CVE-2025-20352) in unprotected Cisco networking devices that had recently been patched. By leveraging this flaw, they were able to install a Linux rootkit, providing them with continuous and unauthorized access to the switches. The exploitation of such vulnerabilities highlights the critical need for timely updates and the importance of securing devices against known threats.
The presence of the Linux rootkit signifies a severe risk, as it could allow attackers to manipulate network traffic and perform actions without detection. Organizations using vulnerable Cisco equipment should prioritize remediation and apply patches as soon as they are available. The situation serves as a reminder of the ongoing challenges related to cybersecurity, as threat actors continue to find ways to exploit weaknesses in widely used technologies.
👉 Pročitaj original: BleepingComputer
