Cisco, Splunk, AI Coding Agents Hit by Critical Security Flaws; PHANTOMPULSE RAT Targets Finance via Obsidian
A wave of high-severity vulnerabilities has been disclosed across major enterprise and development platforms, exposing critical systems to remote code execution and targeted attacks. Cisco patched four critical CVEs in its Identity Services Engine (ISE) and Webex platforms, flaws that could enable attackers to execute arbitrary code and impersonate users. Simultaneously, Splunk Enterprise addressed a separate RCE vulnerability exploitable by low-privileged users through a file upload mechanism, posing a significant internal threat to organizations using the platform for security monitoring.
The threat landscape extends beyond traditional software to the tools developers rely on. A novel attack campaign, dubbed PHANTOMPULSE, is delivering a remote access trojan (RAT) by abusing plugins for the popular note-taking app Obsidian, specifically targeting individuals in the finance and cryptocurrency sectors. In a parallel development, AI-powered coding assistants, including Anthropic's Claude Code, Google's Gemini CLI, and GitHub Copilot, have been found vulnerable to prompt injection attacks via code comments, a technique that could allow malicious actors to manipulate the AI's output and potentially introduce security flaws into generated code.
These disclosures highlight a multi-front security crisis. The Cisco and Splunk flaws threaten the core infrastructure of enterprise networks and security operations centers. The exploitation of Obsidian, a tool trusted for sensitive note-taking, demonstrates a shift towards compromising productivity software in highly targeted financial espionage. The vulnerabilities in AI coding agents introduce a new attack vector into the software development lifecycle itself, where AI-generated code could become a conduit for hidden vulnerabilities. Taken together, the timing and severity of these patches and threat reports signal intense pressure on security teams to defend against both widespread infrastructure attacks and highly specialized, socially engineered intrusions.