CISA

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

CISA, Don't miss, exploit, Hot stuff, News, PoC, SMBs, SonicWall, vulnerability, WatchTowr /

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) 2025-05-02 at 16:18 By Zeljka Zorz Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog, […]

React to this headline:

Loading spinner

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) Read More »

CISA warns about actively exploited Broadcom, Commvault vulnerabilities

Broadcom, CISA, Commvault, data center, Don't miss, email security, Hot stuff, Japan, News, USA /

CISA warns about actively exploited Broadcom, Commvault vulnerabilities 2025-04-29 at 15:47 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT admins

React to this headline:

Loading spinner

CISA warns about actively exploited Broadcom, Commvault vulnerabilities Read More »

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

CISA, Don't miss, Hot stuff, News, SMBs, SonicWall, vulnerability /

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) 2025-04-18 at 14:47 By Zeljka Zorz CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by changing the description of the vulnerability

React to this headline:

Loading spinner

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) Read More »

CISA Issues Guidance After Oracle Cloud Hack

CISA, credentials, guidance, Identity & Access, Oracle /

CISA Issues Guidance After Oracle Cloud Hack 2025-04-17 at 14:05 By Eduard Kovacs CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack. The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

CISA Issues Guidance After Oracle Cloud Hack Read More »

MITRE CVE Program Gets Last-Hour Funding Reprieve

CISA, CVE, CVE Program, Featured, Government, MITRE, Vulnerabilities /

MITRE CVE Program Gets Last-Hour Funding Reprieve 2025-04-16 at 19:36 By Ryan Naraine The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

MITRE CVE Program Gets Last-Hour Funding Reprieve Read More »

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs

CC Krebs, CISA, Election, Government, Krebs Stamos Group, Management & Strategy, SentinelOne /

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs 2025-04-10 at 17:48 By Ryan Naraine Trump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne. The post Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs Read More »

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

0-day, CISA, Don't miss, enterprise, file-sharing, Gladinet, Hot stuff, MSP, News /

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) 2025-04-09 at 13:43 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged

React to this headline:

Loading spinner

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) Read More »

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations

CISA, DNS, fast flux, guidance, Malware & Threats /

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations 2025-04-04 at 15:29 By Ionut Arghire US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations. The post US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server

React to this headline:

Loading spinner

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations Read More »

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CISA, Cisco, Don't miss, expl, Hot stuff, News, SANS ISC, vulnerability /

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) 2025-04-03 at 16:15 By Zeljka Zorz CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up

React to this headline:

Loading spinner

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) Read More »

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

China, CISA, cyber espionage, Don't miss, Hot stuff, Ivanti, Malware, Mandiant, Microsoft, News /

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the

React to this headline:

Loading spinner

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks

CISA, exploit, Ivanti, Malware, Malware & Threats, Resurge /

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks 2025-03-31 at 13:37 By Ionut Arghire CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day. The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks Read More »

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

CISA, CVE, Government, NIST, NVD, Vulnerabilities /

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD 2025-03-24 at 18:21 By Ryan Naraine The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek. This

React to this headline:

Loading spinner

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD Read More »

Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections

CISA, Election, Government, Trump /

Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections 2025-03-12 at 14:30 By Associated Press The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials. The post Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One

React to this headline:

Loading spinner

Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections Read More »

ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens 

CISA, ICS, ICS Patch Tuesday, ICS/OT, Schneider Electric, Siemens /

ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens  2025-03-12 at 12:05 By Eduard Kovacs Industrial giants Siemens and Schneider Electric have released March 2025 Patch Tuesday ICS security advisories. The post ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens  Read More »

Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation

CIRCIA, CISA, Government, Government Policy /

Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation 2025-03-06 at 14:52 By Ionut Arghire A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA. The post Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation Read More »

CISA: No Change on Defending Against Russian Cyber Threats

CISA, Cyberwarfare, FSB, Government, Russia, SVR /

CISA: No Change on Defending Against Russian Cyber Threats 2025-03-03 at 19:37 By Ryan Naraine The CISA public clarification follows news the Trump administration is temporarily pausing offensive cyber operations against Moscow. The post CISA: No Change on Defending Against Russian Cyber Threats appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

CISA: No Change on Defending Against Russian Cyber Threats Read More »

CISA, FBI Warn of China-Linked Ghost Ransomware Attacks

CISA, Cring, FBI, Ghost, Ransomware /

CISA, FBI Warn of China-Linked Ghost Ransomware Attacks 2025-02-20 at 15:40 By Ionut Arghire CISA and the FBI warn organizations of attacks employing the Ghost (Cring) ransomware, operated by Chinese hackers. The post CISA, FBI Warn of China-Linked Ghost Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

CISA, FBI Warn of China-Linked Ghost Ransomware Attacks Read More »

Sean Cairncross is Trump Nominee for National Cyber Director

CISA, Government, Management & Strategy, National Cyber Director, Sean Cairncross, Sean Plankey /

Sean Cairncross is Trump Nominee for National Cyber Director 2025-02-14 at 17:03 By Ryan Naraine Former RNC official Sean Cairncross has been nominated for the post of National Cyber Director to streamline the US cybersecurity strategy. The post Sean Cairncross is Trump Nominee for National Cyber Director appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Sean Cairncross is Trump Nominee for National Cyber Director Read More »

CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues

CISA, Exploited Vulnerabilities, vulnerability /

CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues 2025-02-13 at 13:49 By daksh sharma In a recent update to its Known Exploited Vulnerabilities Catalog, the Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities that are currently under active exploitation. These vulnerabilities span across multiple platforms and pose substantial security risks

React to this headline:

Loading spinner

CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues Read More »

US Cyber Agency Puts Election Security Staffers Who Worked With the States on Leave

CISA, Election, Government /

US Cyber Agency Puts Election Security Staffers Who Worked With the States on Leave 2025-02-11 at 13:48 By Associated Press Staffers at the nation’s cybersecurity agency whose job is to ensure the security of US elections have been placed on administrative leave. The post US Cyber Agency Puts Election Security Staffers Who Worked With the

React to this headline:

Loading spinner

US Cyber Agency Puts Election Security Staffers Who Worked With the States on Leave Read More »

Scroll to Top