Cisco Unified CM CVE-2026-20230 now drops webshells via Tor
Three weeks after the June 3 patch, Defused honeypots see automated Tor-routed sweeps deploying multi-stage JSP shells via the WebDialer SSRF. Patch alone won't evict them.
Three weeks after the June 3 patch, Defused honeypots see automated Tor-routed sweeps deploying multi-stage JSP shells via the WebDialer SSRF. Patch alone won't evict them.