ArcaneDoor is a apt_group tracked across 8 threat clusters and 16 intelligence report mentions on ThreatCluster. First observed November 2, 2025; most recent activity June 3, 2026.
A sophisticated backdoor malware named Firestarter has been discovered on Cisco Firepower devices, attributed to the state-sponsored threat actor UAT-4356. The malware exploits two vulnerabilities, CVE-2025-20333 and…
Adversaries are increasingly leveraging external remote services like VPNs and Citrix to gain unauthorized access to networks. These attacks often involve using valid accounts obtained through credential harvesting or…
Cisco disclosed a state-espionage campaign targeting its Adaptive Security Appliances (ASA), which are used for firewall and VPN functions. Attackers exploited two zero-day vulnerabilities to infiltrate government…
Cisco has disclosed critical vulnerabilities in its Unified Contact Center Express (CCX) platform and Adaptive Security Appliances (ASA) that allow unauthenticated remote attackers to execute arbitrary code and…
Cisco Systems has issued a warning regarding a new attack variant targeting its Secure Firewall devices, leveraging vulnerabilities CVE-2025-20333 and CVE-2025-20362. These vulnerabilities could potentially lead to…
In November 2025, the Indian APT group BITTER launched a cyber attack targeting enterprises and carriers. Earlier, in September 2025, the APT group ArcaneDoor exploited a zero-day vulnerability in the Cisco Adaptive…
Cisco has reported ongoing attacks against its firewalls, specifically targeting vulnerabilities CVE-2025-20333 and CVE-2025-20362. These flaws allow remote code execution and unauthorized access, leading to potential…
The ATT&CK framework has released version 19, which includes significant updates to its structure and coverage. Notably, the Defense Evasion Tactic has been split into two distinct categories: Stealth and Defense…