🍩 & #threatintel - Since its disclosure 11 days ago, 95% of the exploitation attempts of CVE-2026-20045, a critical vulnerability in Cisco Unified Communications Manager, have used a distinctive user-agent: Mozilla/5.0 (compatible; CiscoExploit/1.0) and are heavily targeted against our Cisco Unified Communications Manager (UCM) sensors.

We're tracking it here: https://viz.greynoise.io/tags/cisco-unified-communications-manager-input-validation-cve-2026-20045-rce-attempt?days=10

Appears to be from https://github.com/Ashwesker/Ashwesker-CVE-2026-20045

☕ & #threatintel: CISA has moved the due date for mitigating CVE-2025-55182 (Meta React Server Components Remote Code Execution Vulnerability) up two weeks. It was initially set for December 26, but it is now due on December 12. IIRC, this is the first time the due date has been modified.

In all honesty, if you haven't already patched this vulnerability, it's likely too late. As a reminder, patching does not boot attackers, so you should check for indicators of compromise.

Ron (@iagox86) and I are presenting at #Suricon (Montreal) next month! If you're around, you'll definitely want to find us for some sweet swag (oh, and our talk is pretty cool too!).

https://suricon.net/agenda-montreal/

🥤& #threatintel: CISA added Langflow Code Injection CVE-2025-3248 to the KEV on May 5. Recently, it has garnered considerable attention, with South Korea leading the pack. This vuln enables unauthenticated attackers to execute arbitrary code via /api/v1/validate/code

https://viz.greynoise.io/tags/langflow-code-injection-cve-2025-3248-rce-attempt?days=10