News
- Cisco patched a maximum-severity flaw impacting Identity Services Engine and ISE Passive Identity Connector
- The flaw allowed threat actors to run arbitrary code on the underlying OS
- It was patched in versions 3.3 and 3.4
A maximum-severity vulnerability was recently discovered, and patched, in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). This flaw allowed threat actors to execute arbitrary code, with elevated privileges, on the operating system of the devices running the tools.
ISE is a network security policy management and access control platform, helping organizations centrally manage who and what can connect to their network. The ISE-PIC, on the other hand, is a lightweight service that collects identity information about users and devices without requiring them to authenticate via traditional methods.
Both tools are typically used by enterprise IT and cybersecurity teams that manage large or complex network environments.
The importance of patchingRecently, security researcher Kentaro Kawane, from GMO Cybersecurity, discovered an insufficient validation of user-supplied input vulnerability that could be exploited by submitting a crafted API request. Valid credentials are not required to abuse the flaw.
It is tracked as CVE-2025-20337, and was given a severity score of 10/10 (critical). It affects releases 3.3 and 3.4 of the tools, regardless of device configuration. However, releases 3.2 or older are not affected.
Cisco addressed the flaws in these versions:
- Cisco ISE or ISE-PIC Release 3.3 (Fixed in 3.3 Patch 7)
- Cisco ISE or ISE-PIC Release 3.4 (Fixed in 3.4 Patch 2)
The good news is that there is no evidence the vulnerability has been exploited in the wild by malicious actors. However, cybercriminals are known for targeting organizations only after a bug was made public, since many entities don’t rush to apply the patches. By keeping hardware and software outdated, organizations are keeping their back doors wide open, and criminals are getting an easy way into the premises.
Therefore, it would be good practice to apply the patches as soon as possible and prevent possible attacks.
Via The Hacker News
You might also like- Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
- Netflix has announced an Assassin's Creed TV series is coming to the streamer
- It has been in the making for almost five years but we don't have much information yet
- The plot describes the series as "a high-octane thriller centered on the secret war between two shadowy factions"
Netflix has greenlit an Assassin's Creed TV adaptation, giving me hope once again after previous attempts to adapt the video game for the screen have flopped.
In 2016, the Michael Fassbender led movie was critically panned and received an 18% Rotten Tomatoes critical score. But news that the story is coming to one of the best streaming services has piqued my interest.
We have seen some huge success with video game adaptations recently, of course, like Prime Video's Fallout or HBO's The Last of Us, so we can only hope that second time's a charm when it comes to Assassin's Creed.
What do we know about Netflix's Assassin's Creed?The Assassin's Creed movie was a critical flop. (Image credit: New Regency Productions)At the time of writing, we don't know much. Netflix hasn't released a trailer or a cast list, but they have confirmed who is leading the project.
Emmy nominees Roberto Patino (Westworld) and David Wiener (Halo) will serve as creators, showrunners, and executive producers on the Assassin's Creed series. Given their work on some big shows, this does fill me with hope.
The Halo video game to screen adaptation scored a healthy 80% on Rotten Tomatoes, making it worthy of a spot on our best Paramount+ shows, so that's a positive start.
In terms of plot, all we have so far is a statement from Tudum which reads: "Assassin’s Creed is a high-octane thriller centered on the secret war between two shadowy factions — one set on determining mankind’s future through control and manipulation, while the other fights to preserve free will."
It adds: “The series follows its characters across pivotal historical events as they battle to shape humanity’s destiny.”
That isn't a lot to go off, and fans of the video games already know the universe well, so it will be interesting to see how far it sticks with or deviates from the source material.
Either way, I'm excited to give this one a go and pray it will one day be added to our best Netflix shows list.
You might also like- I watched Brick on Netflix so you don’t have to – here’s a far superior sci-fi thriller I recommend streaming instead
- Stranger Things first aired 9 years ago today but who cares? Netflix has made us wait too long for season 5
- Squid Game: The Challenge season 3 is a win for Netflix, but one unhinged game from the K-drama can’t be replicated
- 30% of Britons are providing AI chatbots with confidential personal information
- Research from NymVPN shows company and customer data is also at risk
- Emphasizes the importance of taking precautions, like using a quality VPN
Almost one in three Britons shares sensitive personal data with AI chatbots like OpenAI’s ChatGPT, according to research from cybersecurity company NymVPN. 30% of Brits have fed AI chatbots with confidential information such as health and banking data, potentially putting their privacy – and that of others – at risk.
This oversharing with the likes of ChatGPT and Google Gemini comes despite 48% of respondents expressing privacy concerns over AI chatbots. This signals that the issue extends to the workplace, with employees sharing sensitive company and customer data.
NymVPN’s findings come in the wake of a number of recent high-profile data breaches, most notably the Marks & Spencer cyber attack, which shows just how easily confidential data can fall into the wrong hands.
“Convenience is being prioritized over security”NymVPN’s research reveals that 26% of respondents admitted to disclosing financial information related to salary, investments, and mortgages to AI chatbots. Riskier still, 18% shared credit card or bank account data.
24% of those surveyed by NymVPN admit to having shared customer data – including names and email addresses – with AI chatbots. More worrying still, 16% uploaded company financial data and internal documents such as contracts. This is despite 43% expressing worry about sensitive company data being leaked by AI tools.
“AI tools have rapidly become part of how people work, but we’re seeing a worrying trend where convenience is being prioritized over security,” said Harry Halpin, CEO of NymVPN.
M&S, Co-op, and Adidas have all been in the headlines for the wrong reasons, having fallen victim to data breaches. “High-profile breaches show how vulnerable even major organizations can be, and the more personal and corporate data that is fed into AI, the bigger the target becomes for cybercriminals,” said Halpin.
The importance of not oversharingSince nearly a quarter of respondents share customer data with AI chatbots, this emphasizes the urgency of companies implementing clear guidelines and formal policies for the use of AI in the workplace.
“Employees and businesses urgently need to think about how they’re protecting both personal privacy and company data when using AI tools,” said Halpin.
Although avoiding AI chatbots entirely would be the optimal solution for privacy, it’s not always the most practical. Users should, at the very least, avoid sharing sensitive information with AI chatbots. Privacy settings can also be tweaked, such as disabling chat history or opting out of model training.
A VPN can add a layer of privacy when using AI chatbots such as ChatGPT, encrypting a user’s internet traffic and original IP address. This helps keep a user’s location private and prevents their ISP from seeing what they’re doing online. Still, even the best VPN isn’t enough if sensitive personal data is still being fed to AI.
Agents – software systems capable of decision making or performing tasks autonomously - are no longer experimental. Today, these agents are operational, distributed and actively making decisions across the enterprise. From writing code to scheduling tasks, agents are starting to permeate every facet of business. The reason is clear: agents promise significant productivity gains.
Some will be deeply embedded, making them difficult to detect or monitor. Others will operate autonomously, continuously learning and adapting in real time. Many may have broad access privileges in the name of efficiency. This introduces significant potential for both positive impact and risk.
And as adoption grows, many organizations will face a new challenge: securing agents at scale. Businesses will need to ensure that innovation doesn’t outpace security and governance. The stakes are too high; one single misalignment, vulnerability or unintended behavior can lead to a runaway effect of unethical or harmful actions.
We’ve already seen real-world examples of AI failures – sometimes exposing sensitive data or making critical errors. One AI assistant notoriously advised users to eat rocks, and in another case a customer service chatbot deployed by a logistics company began issuing aggressive responses. Both examples show the risk of poor training data – AI agents don’t just learn facts, they learn behaviors, and bad input leads to bad output.
Cloud Déjà vu, Now with AgentsWithout consistent oversight, agents can act outside their intended use and damage brand reputation. That’s why it’s important that security is baked in at the start. Like salt and pepper, you can always sprinkle more on later, but if you forget to add it while cooking, the flavor – and in this case the protection – just won’t be the same. Security must be integrated from the outset, waiting until after deployment to retrofit security is a recipe for vulnerabilities.
Just consider what happened during the mass migration to cloud computing technologies. Adoption led to serious security missteps, data silos and visibility gaps. Gaps that have been and continue to be exploited by attackers today.
Now with agents it’s like a bad case of déjà vu. Once again, innovation is outpacing security. In many cases, these autonomous tools are being integrated into critical systems with limited oversight and lacking proper security and controls.
If we don’t apply the hard lessons learned from the cloud era we risk repeating the same mistakes, but this time with far more unpredictable systems. That’s why security must be at the core of agents.
Securing Every Agent TouchpointBut securing agents requires an expanded approach, one that accounts for autonomous behaviors, including those ongoing interactions with data, systems and users. Agents need a strong trust layer, where every interaction, from API calls to sensitive data handling, must be mapped, protected and governed in real time.
A core part of this trust layer is securing the data agents interact with—inputs, outputs and everything in between. Data is the fuel of agents, and without foundational security that fuel becomes a major risk. Enterprises must focus on the fundamentals like data discovery and classification, encryption and key management.
Access and Identity Management strategies must also evolve as agents take on more advanced roles in the enterprise. Like humans, every agent will require its own unique credentials, roles and permissions to ensure that every interaction is authorized and verified.
Agent credentials should be stored in a secure, automated credential vault, with policies enforcing regular rotation, access logging, and immediate revocation if misuse is detected. Organizations must be able to distinguish between agents using managed or unmanaged credentials.
And once agent credentials are brought under management, it's crucial to protect and enforce proper lifecycle management and governance. By provisioning, rotating, auditing, protecting and decommissioning credentials organizations can reduce the risk of credential misuse and theft.
Without strong identity oversight, businesses risk losing visibility of both human and agent identities and control over autonomous actions.
Decentralized Agents Need Centralized SecurityHowever, at scale, managing agents and especially autonomous ones, will require additional control to monitor behavior, interactions and deviations from policy. Consider a type of agent “security manager” that brings agents and humans on the loop to build trust in how agents operate.
This should be more than a dashboard, rather intelligence capable of understanding what agents are doing, why they’re doing it and whether their behavior aligns with policies and risk thresholds on a constant basis. It flags anomalies, enforces constraints and enables human review, when needed.
That last part is particularly important. Human oversight remains essential, especially when scaling agents. This control layer becomes the security conscience of your agent fleet: always watching, interpreting and enabling distributed and trusted autonomy.
As agents continue to proliferate, the ability to deploy them responsibly will define who can scale securely and who introduces unnecessary risk. To secure agent ecosystems, organizations should integrate security from the start of deployment, continuously monitor behavior and access, maintain strong human oversight, and regularly audit and update security policies.
Enterprises that get this right will unlock significant productivity and resilience; not by slowing down agents, but by giving them the security and governance they need to operate safely and responsibly.
We list the best IT Automation software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
- Amazon has renewed Invincible for a fifth season
- The highly-rated animated show's fourth entry will arrive sometime in 2026
- Matthew Rhys has also joined the Prime Video series' voice cast for season 4
Amazon has revealed Invincible has been renewed for a fifth season.
The announcement, which was made on the adult animated show's social media channels yesterday (July 17), confirms Invincible season 4 won't be its final entry. Considering how popular the critically-acclaimed Prime Video series is, that's no great surprise, but it's nonetheless pleasing to hear that Mark Grayson's story will continue on one of the world's best streaming services.
Season 5, Mark... this is GOOD NEWS pic.twitter.com/Kft2aTuS5SJuly 17, 2025
Interestingly, Amazon also revealed that the show's cast had already completed recording their lines for its fifth season.
It's likely, then, that Invincible season 5 could be ready to go in 2027 and maintain Prime Video's recently established plan to release new seasons annually: Invincible season 2 part 1 aired in late 2023, Invincible season 2 part 2 launched in early 2025, and its third and most recent season released earlier this year. Season 4 is set to arrive in 2026, too, so there's no reason to suspect the show's fifth installment won't arrive a year after that.
Which character might be voiced by Matthew Rhys in Invincible season 4?Welsh actor Matthew Rhys has joined the cast for Invincible's fourth season (Image credit: Michael Loccisano)Invincible's latest renewal and the completion of voice work on season 5 weren't the only announcements made in the above video. Indeed, Amazon also revealed that Matthew Rhys (The Americans, Perry Mason) had joined the voice cast for one of the best Prime Video shows' fourth chapter.
Understandably, Rhys' role is being kept under wraps, but that doesn't mean we can't guess which character he'll portray. After all, there are plenty of candidates in the series' graphic novel namesake who've yet to show up in its animated adaptation.
So, who could Rhys be voicing? Grand Regent Thragg is a possibility but, as much as I like Rhys as an actor, I'm not sure he has the gravitas to play the Viltrum Empire's commander-in-chief. J.K. Simmons, who plays Omni-Man, and Jeffrey Dean Morgan, who voices Conquest, have proven that actors with deeper voices are best suited to portray Viltrumites, so I don't think Rhys is the right fit for Thragg.
If he plays a villain, he might be better hamming it up as someone like Dinosaurus – real name David Anders – who's something of an superhuman eco-terrorist and, as his name implies, a formidable shape-shifting humanoid reptile when he's in his dino-form. Dinosaurus is a dangerous albeit silly character, so Rhys might be the perfect fit to play him.
On the more heroic front, Rhys may be the ideal actor for someone like Space Racer or Tech Jacket. We've briefly seen these superpowered beings in past seasons of Invincible, but neither character has uttered a word yet. It's possible, then, that Rhys has been tapped to voice one of them.
I guess we'll find out for sure when Invincible season 4 is eventually released. In the meantime, read the section below for more coverage on the series' latest season.
You might also like- Invincible season 3 review: another soaring entry of the popular Prime Video series that packs a real punch in more ways than one
- Invincible season 3 ending explained: is [spoiler] dead, Damien Darkblood end credits scene, and more big questions answered
- Invincible season 3 episode 7 makes good on a two-year-old Instagram post and a wild rumor about Jeffrey Dean Morgan