Critical Vulnerability in Cisco CUCM and Unity Connection; AWS Introduces ACM Certificate Export

A critical vulnerability has been discovered in Cisco Unified Communications Manager (CUCM) and Cisco Unity Connection, allowing remote code execution without authentication. This flaw, identified as CVE-2025-1234, affects versions prior to 15.0 and can be exploited via specially crafted HTTP requests. Cisco has released patches for the affected versions. Additionally, sensitive secrets have been found in public commits on GitHub, exposing credentials and API keys. A study reveals that over 100,000 repositories contain secrets, with a 20% increase in incidents related to these exposures in 2024. Finally, AWS has introduced a new feature allowing the export of ACM (AWS Certificate Manager) certificates for use outside AWS, simplifying the management of SSL/TLS certificates.