Cisco has patched a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) that allows an unauthenticated network attacker to write arbitrary files to the system and escalate privileges to root. The flaw is tracked as CVE-2026-20230 and public proof-of-concept exploit code is already available, significantly lowering the barrier to exploitation. Cisco’s PSIRT has not confirmed active exploitation in the wild, but the availability of working PoC code makes patching urgent.

Architect’s Take: Apply Cisco’s patch immediately and treat any internet- or untrusted-network-exposed Unified CM instances as highest priority. As an interim control, restrict network access to Unified CM admin interfaces to trusted management VLANs only, and review ingress firewall rules to limit the blast radius while patching is under way.

Original advisory: Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Researchers have demonstrated that freely available open source AI models are sufficient to build self-spreading computer worms capable of exploiting known vulnerabilities at scale across enterprise networks — no expensive or specialised AI tools required. The study shows attackers no longer need cutting-edge proprietary models to automate vulnerability exploitation, dramatically lowering the barrier to entry for large-scale attacks. This represents a meaningful shift in the threat landscape, where mass exploitation of known but unpatched vulnerabilities becomes significantly cheaper and faster to operationalise.

Architect’s Take: Prioritise rapid patching cadence and automated vulnerability remediation pipelines — the research confirms that the window between public vulnerability disclosure and weaponised exploitation is shrinking fast. Review your network segmentation controls and lateral movement detection capabilities to limit the blast radius of any self-propagating worm that gains an initial foothold.

Original advisory: Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine

Researchers at Rice University have demonstrated that curving or bending radio beams can defeat anti-jamming systems that rely on locating the source of interference. Because the signal no longer travels in a straight line, direction-finding techniques used to identify and counter jammers become ineffective. This has implications for any wireless communication infrastructure, including those supporting cloud-connected IoT, satellite links, and enterprise wireless networks.

Architect’s Take: Cloud architects relying on wireless backhaul, satellite connectivity, or IoT sensor networks should review their signal resilience strategy — consider whether your anti-jamming or interference-detection controls assume line-of-sight propagation, and engage your network security team to assess whether alternative detection methods (e.g. signal fingerprinting or multi-point triangulation) are in scope.

Original advisory: Bend the beam like Beckham to defeat anti-jamming tech

A high-severity vulnerability in Oracle WebLogic Server (CVE-2024-21182) has been added to CISA’s Known Exploited Vulnerabilities catalogue following confirmed active exploitation in the wild. The flaw allows an unauthenticated attacker with network access to take full control of affected servers without any credentials. Any organisation running Oracle WebLogic in cloud or on-premises environments should treat this as an urgent remediation priority.

Architect’s Take: Audit your cloud environments immediately for internet-exposed or network-accessible WebLogic instances and apply Oracle’s patch from the January 2024 Critical Patch Update without delay. As an interim control, restrict network access to WebLogic admin ports using security groups or firewall rules, and consider placing instances behind a WAF or application gateway.

Original advisory: Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation