CISA

CISA looks to partners to shore up the future of the CVE Program

2025-09-12 at 15:32 By Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders […]


CISA: CVE Program to Focus on Vulnerability Data Quality

2025-09-12 at 14:01 By Ionut Arghire

CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data. Source: SecurityWeek.


US, Allies Push for SBOMs to Bolster Cybersecurity

2025-09-04 at 13:52 By Ionut Arghire

SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency. Source: SecurityWeek.


Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

2025-08-26 at 13:47 By Zeljka Zorz

CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security


Organizations Warned of Exploited Git Vulnerability

2025-08-26 at 11:29 By Ionut Arghire

CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution. Source: SecurityWeek.


CISA Requests Public Feedback on Updated SBOM Guidance

2025-08-25 at 13:54 By Ionut Arghire

CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment. Source: SecurityWeek.


Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)

2025-08-14 at 13:33 By Zeljka Zorz

Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitation, but the confirmation came from


Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

2025-08-07 at 17:40 By Zeljka Zorz

“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft announced on Wednesday.


It’s time to sound the alarm on water sector cybersecurity

2025-08-01 at 09:07 By Sinisa Markovic

A cyberattack on a water facility can put entire communities and businesses at risk. Even a short disruption in clean water supply can have serious public health and safety consequences, and threat actors know the damage they can cause.


Senate Committee Advances Trump Nominee to Lead CISA

2025-07-30 at 22:36 By Associated Press

Committee members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency. Source: SecurityWeek.


Organizations Warned of Interlock Ransomware Attacks

2025-07-23 at 14:35 By Ionut Arghire

The US government has issued an alert on the Interlock ransomware, which targets organizations via drive-by download attacks. Source: SecurityWeek.


Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770)

2025-07-21 at 00:02 By Zeljka Zorz

Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, the company confirmed on Saturday. CVE-2025-53770 is being leveraged to place a backdoor on vulnerable


Casie Antalis Named Executive Director of CISA

2025-06-30 at 14:39 By Eduard Kovacs

Casie Antalis is the new executive director of the Cybersecurity and Infrastructure Security Agency after the departure of Bridget Bean. Source: SecurityWeek.


SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles

2025-06-16 at 16:18 By Zeljka Zorz

Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power to vehicles’ fuel pump (if the tracker can interact with a car’s system). The warning


SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

2025-06-13 at 13:56 By Ionut Arghire

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers. Source: SecurityWeek.


FBI Aware of 900 Organizations Hit by Play Ransomware

2025-06-05 at 14:20 By Ionut Arghire

Play ransomware attacks have hit roughly 900 organizations and recently involved the exploitation of SimpleHelp vulnerabilities. Source: SecurityWeek.


CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform

2025-05-28 at 17:30 By Daksh Sharma

CISA issues urgent update on threats targeting Commvault’s Metallic SaaS platform, widely used for Microsoft 365 backups. Source: Cyble.


Vulnerabilities in CISA KEV Are Not Equally Critical: Report

2025-05-28 at 13:13 By Ionut Arghire

New report says organizations should always consider environmental context when assessing the impact of vulnerabilities in the CISA KEV catalog. Source: SecurityWeek.


NIST proposes new metric to gauge exploited vulnerabilities

2025-05-26 at 08:06 By Help Net Security

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a


Companies Warned of Commvault Vulnerability Exploitation

2025-05-23 at 13:48 By Ionut Arghire

CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. Source: SecurityWeek.
