Security Bulletin

Explore. Connect. Get inspired. Learn with Cisco.

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world.

Discover Cisco’s Industrial Insider Webinar Series—30-minute sessions designed to deliver expert insights, practical solutions, and the latest innovations in Industrial IoT, helping you to elevate and secure your industrial operations with ease.

Discover how Cisco Networking Academy is accelerating digital transformation across Latin America through innovative partnerships, hands-on training, and groundbreaking initiatives in AI and… Read more on Cisco Blogs

Today, I noticed scans using the username "FTP_3cx" showing up in our logs. 3CX is a well-known maker of business phone system software [1]. My first guess was that this was a default user for one of their systems. But Google came up empty for this...

Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch phishing attacks against customers via both email and WhatsApp.

At Cisco, our military veteran team members, along with military spouses and those serving in the reserves, strengthen our workforce through their leadership, discipline, adaptability, and a commitment to excellence.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories:

Learn all about where to find Cisco Customer Experience integrations at Cisco Live Melbourne 2025.

The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices.

A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.