Cisco Patches Critical Zero-Day CVE-2026-20045 in Unified CM and Webex
Thursday, January 22, 2026
Top 5 Cybersecurity Stories You Should Know
Cisco Patches Critical Zero-Day CVE-2026-20045 in Unified CM and Webex — tl;dr: Cisco has released urgent patches for a critical zero-day vulnerability, CVE-2026-20045, affecting its Unified Communications products and Webex Calling Dedicated Instance. The flaw, with a CVSS score of 8.2, allows unauthenticated remote attackers to execute arbitrary commands on vulnerable devices. Exploitation could lead to unauthorized access and privilege escalation. Users are advised to update their systems immediately to mitigate potential risks associated with this vulnerability, as it has been actively exploited in the wild.
↪ https://thehackernews.com/
Cisco CVE-2026-20045: Critical RCE Vulnerability Exploited for Root Access — tl;dr: Cisco has disclosed a critical zero-day remote code execution vulnerability, CVE-2026-20045, affecting its Unified Communications products. This flaw allows unauthenticated attackers to execute arbitrary commands and potentially gain root access. Cisco's Product Security Incident Response Team (PSIRT) confirmed active exploitation attempts, urging immediate patching. The vulnerability arises from improper validation of user input in HTTP requests to the management interface. Affected products include Unified CM, IM&P, and Unity Connection, with no workarounds available. Organizations are advised to apply patches urgently and restrict access to management interfaces.
↪ https://cybersecuritynews.com/cisco-unified-cm-rce/
Microsoft to Offer Free Windows 10 Security Updates in Europe Post-2025 — tl;dr: In response to regulatory pressure, Microsoft will provide free security updates for Windows 10 in Europe after 2025, while users in other regions will still incur charges. This decision aims to enhance cybersecurity for European users amid growing concerns about software support and security vulnerabilities. Organizations and individuals using Windows 10 in Europe should prepare for this change and ensure their systems remain updated to protect against potential threats. For users outside Europe, it's crucial to stay informed about update costs and explore alternatives if necessary.
↪ https://insightsintothings.com/tech-headlines/
#StopRansomware Advisory: Interlock Ransomware Threats and Mitigations — tl;dr: CISA, the FBI, and HHS have issued a cybersecurity advisory on Interlock ransomware, first detected in September 2024, targeting businesses and critical infrastructure in North America and Europe. This ransomware employs a double extortion model, encrypting systems after data exfiltration. Initial access is gained through drive-by downloads and social engineering techniques like ClickFix. Organizations are urged to implement DNS filtering, patch vulnerabilities, segment networks, and enforce multifactor authentication to mitigate risks. For further details, including indicators of compromise, visit the advisory at stopransomware.gov.
↪ https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a
CISA Issues Guidance to Strengthen Communications Infrastructure Against Cyber Threats — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) and other agencies have released guidance to enhance visibility and harden communications infrastructure against cyber espionage, particularly from PRC-affiliated threat actors. This guidance emphasizes the importance of monitoring network activities, securing configurations, and implementing robust logging practices. Telecommunications and critical infrastructure organizations are urged to adopt these best practices to mitigate vulnerabilities and reduce the risk of exploitation. Key recommendations include using out-of-band management networks, monitoring for unauthorized changes, and employing centralized logging solutions to improve incident response capabilities.
↪ https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure