惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs
博客园 - 叶小钗
P
Privacy International News Feed
Jina AI
Jina AI
Apple Machine Learning Research
Apple Machine Learning Research
T
Threatpost
IT之家
IT之家
博客园 - 聂微东
Know Your Adversary
Know Your Adversary
Help Net Security
Help Net Security
罗磊的独立博客
I
Intezer
S
Schneier on Security
博客园_首页
C
CERT Recently Published Vulnerability Notes
雷峰网
雷峰网
Cisco Talos Blog
Cisco Talos Blog
宝玉的分享
宝玉的分享
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Webroot Blog
Webroot Blog
TaoSecurity Blog
TaoSecurity Blog
MyScale Blog
MyScale Blog
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
PCI Perspectives
PCI Perspectives
Security Latest
Security Latest
H
Heimdal Security Blog
S
Secure Thoughts
Hacker News: Ask HN
Hacker News: Ask HN
Y
Y Combinator Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
SecWiki News
SecWiki News
The GitHub Blog
The GitHub Blog
A
Arctic Wolf
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
Engineering at Meta
Engineering at Meta
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

AI demand is so high, AWS customers are trying to buy out its entire capacity | Network World

Cisco: Latest news and insights 2026 network outage report and internet health check Selector targets the network visibility gap in multi-cloud infrastructure Top network and data center events of 2026 How AI is transforming network incident response (and where it still falls short) Google opens TPUs to enterprises beyond its own cloud via Blackstone JV AI, cybersecurity skills top IT pay premiums Startup Bolt Graphics promises 5x performance over Nvidia’s best GPU Wireless security is a battle of AI vs. AI NetOps teams look to AI to automate Day 2 operations Digital twins reshape network and data center management Network outages, power failures strain data center resiliency Five takeaways from Cisco's blowout quarter and what it means to customers Cisco to cut nearly 4,000 jobs despite strong growth in AI, enterprise networking Startup SPAN teams with Nvidia to put data center nodes in your backyard Hard drive shortage affecting enterprise storage needs Wi-Fi 8 is closer than you think. Here’s what you need to know Cisco open-sources agentic AI security spec HPE revamps private cloud stack for enterprises rethinking VMware Versa takes aim at fragmented enterprise security with CSPM, orchestration update, and AI agent controls Red Hat opens Ansible to AI agents, within limits Red Hat offers endless Linux support — for a fee Red Hat: Sovereignty is more than just compliance Tech job postings hit three-year high as AI demand fuels hiring rebound HPE memory server targets compute-heavy and agentic AI workloads PCI group begins work on new spec to support bandwidth-hungry apps like AI, HPC Q&A: Quantum physicist Sonia Fernández-Vidal on why classical computing isn't going anywhere OpenAI-led consortium seeks to address AI processing bottlenecks AWS hit by US-East-1 outage after data center thermal event Gluware's Titan rises to meet Mythos network vulnerability challenge AMD launches AI-targeted PCIe cards for current servers Supply constraints, optical advances dominate Arista's Q1 Lumen advances cloud networking vision with $475M Alkira buy HPE bolsters autonomous network operations for Mist, Aruba Central Netskope launches AI agents for SOC and NOC automation Intel, behind in AI chips, bets on quantum and neuromorphic processors Switch storm coming: Gartner forecasts price hikes, long lead times for enterprise data center switches Extreme moves toward autonomous networking with advanced AI agent, management tools Broadcom bets big on VMware Cloud Foundation 9.1 IBM unveils its blueprint to help enterprises run AI at the core of their business Ruckus Networks on the move again, this time acquired by Belden for $1.85 billion AMD and Intel partner to deliver AI performance advancement Cisco grabs Astrix to secure AI agents Beyond the pitch: A look at Atlético Madrid's connected stadium StarlingX 12.0 is right on time for mixed-hardware edge deployments Cisco nerds out: May the Fourth be with your AI assistant Memory shortage and cost surge push enterprises toward the cloud Extreme Networks: Memory advantage, Wi-Fi 7 and competitive flux drive momentum Scenes from the great data center revolt Enterprise Spotlight: Transforming software development with AI When 170,000 people show up: Network refresh readies Churchill Downs for Kentucky Derby IT certification pay surges as noncertified skills slump QuEra claims quantum error correction breakthrough with 2-to-1 qubit ratio HPE expands ProLiant line with rugged edge servers Deconstructing the data center: A massive (and massively liberating) project Cisco bolsters security, AI support in latest SD-WAN release The era of chatbot AIOps is fading as agentic AI gains traction Auvik bets agentic AI can fill the networking skills gap AI data flows force rethink of data center networking at Backblaze Nvidia's 'AI insurance policy' balances immediate and future AI approaches Cirrascale to offer on-prem Google Gemini models Space data-center news: Roundup of extraterrestrial AI endeavors Network jobs watch: Hiring, skills and certification trends Cisco switch aimed at building practical quantum networks How AI is changing copper, fiber networking Almost 40% of data center projects will be late this year, 2027 looks no better It’s the end of set-and-forget security Google bets on workload-specific TPUs with 8t and 8i launch SUSE bets automated migration can break VMware's grip on virtualization How Zero Networks is closing the network enforcement gap for AI agents Cloudflare wants to rebuild the network for the age of AI agents AI fuels wireless talent shortage Broadcom's Facebook friend will help train it to accelerate AI workloads Data centers are costing local governments billions Equinix offering targets automated AI-centric network operations AI shifts IT roles from operator to orchestrator IBM unveils security services for thwarting agentic attacks, automating threat assessment Maine to put brakes on big data centers as AI expansion collides with power limits Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions DNS security is often inadequate, and network engineers should get more involved Curious about quantum? Check out training options from ISC2, IBM, AWS and more Cisco just made moves to own the AI infrastructure stack Data centers are moving inland, away from some traditional locations Fixing encryption isn't enough. Quantum developments put focus on authentication Intel: Latest news and insights Linux 7.0 debuts with some big changes for networking Intel secures Google cloud and AI infrastructure deal OpenAI puts part of Stargate project on hold over runaway power costs Broadcom strikes chip deals with Google, Anthropic Cisco to acquire Galileo for AI observability Neoclouds gain momentum in a supply-constrained world Lumen: Upstream network visibility is enterprise security's new front line Yael Nardi joins Minimus as Chief Business Officer to head growth strategy Nvidia Rubin GPUs may be delayed, slowing the next phase of AI infrastructure What is AI networking? How it adds intelligence to your infrastructure Google owns the most AI compute, and it built it its way Aria Networks raises $125M and debuts its approach for AI-optimized networks Intel bets on Terafab to help it reassert itself in the AI chip race New v2 UALink specification aims to catch up to NVLink Cisco joins Anthropic’s multivendor effort to secure AI software
Critical vulnerability in Cisco Secure Workload rated at maximum severity
by Howard Solomon · 2026-05-21 · via AI demand is so high, AWS customers are trying to buy out its entire capacity | Network World

The easily exploited hole could give an unauthenticated threat actor site admin privileges, even across tenant boundaries.

A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise endpoints and read or modify configuration data.

“CSOs need to drop what they are doing and patch this immediately,” warned consultant Robert Enderle, who heads the Enderle Group. “Cisco Secure Workload manages zero trust, micro-segmentation, and enterprise-wide network visibility. If an attacker controls the platform that dictates your security policies, they effectively own the map and the keys to your entire network kingdom.”

“This is the absolute worst-case scenario,” he added. “Because of how vital this platform is to large enterprises, threat actors will be aggressively scanning for unpatched API endpoints to exploit.”

The urgency of addressing this immediately was echoed by Fred Chagnon, principal research director at Info-Tech Research Group. An attacker could modify or dismantle an enterprise’s security policies, he pointed out, effectively opening doors within the environment that were deliberately closed.

‘Blast radius could be significant’

“Because this access operates at the site admin level and crosses tenant boundaries,” he added, “the blast radius in a multi-tenant deployment could be significant, potentially exposing or compromising workloads and data belonging to multiple business units or customers.”

Cisco assigned this flaw (CVE-2026-20223) a maximum CVSS score of 10.0 because it allows an unauthenticated, remote attacker to bypass authentication entirely. By sending a crafted HTTP request to an internal REST API endpoint, the threat actor instantly gains site admin privileges.

In its advisory, Cisco says this hole is due to insufficient validation and authentication when accessing REST API endpoints. 

There are no workarounds; the only solution is to install software updates to address this vulnerability, which Cisco “strongly recommends.” Systems running version 4.0 should upgrade to 4.0.3.17. Those with version 3.10 should upgrade to version 3.10.8.3, while those still on version 3.9 and earlier should migrate to a newer, fixed release.

The vulnerability affects Secure Workload Cluster Software in both SaaS and on-prem deployments, regardless of device configuration, but only affects internal REST APIs, and doesn’t impact the web-based management interface. However, only those using the on-prem version need to act; Cisco has already patched the SaaS product.

As of Wednesday, Cisco wasn’t aware of malicious use of the vulnerability.

‘Treat it as an active threat’

The good news, Chagnon said, is that Cisco’s own security team discovered and disclosed this vulnerability, publishing a patch at the same time as the advisory. And, he added, there are no known signs of exploitation in the wild, and no public disclosure preceded Cisco’s own announcement.

While the SaaS version of the platform has already been patched by Cisco, he said, admins running Cisco Secure Workload on-premises shouldn’t treat this as something to be fixed during routine patch cycle. “Given the nature of this vulnerability, a perfect CVSS score, no authentication required, and no available workarounds, organizations should treat this as they would an active threat,” he said. 

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.