BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

The Australian government has issued a warning regarding the BadCandy webshell, which is actively exploiting an unpatched vulnerability (CVE-2023-20198) in Cisco IOS XE devices. This exploit allows attackers to gain administrator privileges and install the webshell, with hundreds of devices in Australia already compromised.