InfoSecBulletin Cybersecurity for mankind
The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16.
The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally.
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Code
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
In the past year, the FBI detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors. On some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices. The actors used the unauthorized access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems.
The FSB Center 16 unit conducting this activity is known to cybersecurity professionals by several names, including “Berserk Bear” and “Dragonfly,” which refer to separate but related cyber activity clusters.
For over a decade, this unit has compromised networking devices globally, particularly devices accepting legacy unencrypted protocols like SMI and SNMP versions 1 and 2. This unit has also deployed custom tools to certain Cisco devices, such as the malware publicly identified as “SYNful Knock” in 2015.
The FBI and law enforcement partners previously released guidance that remains relevant in a Technical Alert, “Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices” on 20 April 2018, and a Joint Advisory, “Primary Mitigations to Reduce Cyber Threats to Operational Technology” on 6 May 2025. In addition, Cisco Talos published a blog post on 20 August 2025 with more information on their analysis of this threat actor, identified by Cisco Talos as Static Tundra.
Vulnerable Products:
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and have the Smart Install client feature enabled.
Only Smart Install client switches are affected by the vulnerability that is described in this advisory. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability.
For a list of devices that support Smart Install, see Smart Install Configuration Guide – Supported Devices.
For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software section of this advisory.
Copilot Breaks Your Audit Log, but Microsoft Won’t Tell the customer
