CISA

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

CISA, Don't miss, GuidePoint Security, Hot stuff, News, PoC, Synacktiv, WatchTowr, Windows, Windows Server /

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) 2025-10-21 at 19:13 By Zeljka Zorz CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog, […]

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) Read More »

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)

Adobe, CISA, Don't miss, exploit, Hot stuff, News, security update, vulnerability /

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) 2025-10-16 at 19:52 By Zeljka Zorz CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) Read More »

From theory to training: Lessons in making NICE usable

CISA, CISO, CXO, cybersecurity, Daon, Don't miss, Features, framework, Hot stuff, News, NICE, research, Risk Management, SMBs, strategy, tips /

From theory to training: Lessons in making NICE usable 2025-10-10 at 09:02 By Mirko Zorz SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and

From theory to training: Lessons in making NICE usable Read More »

Cybersecurity Awareness Month 2025:Prioritizing Identity to Safeguard Critical Infrastructure

CISA, Training & Awareness /

Cybersecurity Awareness Month 2025:Prioritizing Identity to Safeguard Critical Infrastructure 2025-10-01 at 14:00 By Torsten George This year’s theme focuses on government entities and small and medium-sized businesses that are vital to protecting the systems and services that keep our communities running. The post Cybersecurity Awareness Month 2025:Prioritizing Identity to Safeguard Critical Infrastructure appeared first on

Cybersecurity Awareness Month 2025:Prioritizing Identity to Safeguard Critical Infrastructure Read More »

CISA says it will fill the gap as some federal funding for MS-ISAC dries up

Center for Internet Security, CISA, cybersecurity, DHS, Don't miss, Government, Hot stuff, News, USA /

CISA says it will fill the gap as some federal funding for MS-ISAC dries up 2025-09-30 at 18:45 By Zeljka Zorz The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency has announced on Monday, and CISA will take it upon

CISA says it will fill the gap as some federal funding for MS-ISAC dries up Read More »

The Cybersecurity Information Sharing Act Faces Expiration

CISA, Featured, Government /

The Cybersecurity Information Sharing Act Faces Expiration 2025-09-30 at 04:02 By Kevin Townsend The CISA is set to expire on September 30, 2025, raising urgent questions about risk, politics, and the future of threat intelligence. The post The Cybersecurity Information Sharing Act Faces Expiration appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

The Cybersecurity Information Sharing Act Faces Expiration Read More »

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks

0-day, backdoor, CISA, Cisco, Don't miss, firewall, Government, government-backed attacks, Hot stuff, malware analysis, NCSC, News /

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks 2025-09-26 at 14:19 By Zeljka Zorz A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat actor behind it is believed to be the one

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks Read More »

GeoServer Flaw Exploited in US Federal Agency Hack

CISA, exploited, GeoServer, Vulnerabilities /

GeoServer Flaw Exploited in US Federal Agency Hack 2025-09-24 at 16:21 By Ionut Arghire The hackers remained undetected for three weeks, deploying China Chopper, remote access scripts, and reconnaissance tools. The post GeoServer Flaw Exploited in US Federal Agency Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GeoServer Flaw Exploited in US Federal Agency Hack Read More »

CISA Analyzes Malware From Ivanti EPMM Intrusions

CISA, exploited, Ivanti, Malware, Malware & Threats /

CISA Analyzes Malware From Ivanti EPMM Intrusions 2025-09-19 at 14:30 By Ionut Arghire Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware. The post CISA Analyzes Malware From Ivanti EPMM Intrusions appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Analyzes Malware From Ivanti EPMM Intrusions Read More »

CISA looks to partners to shore up the future of the CVE Program

CISA, CVE, Don't miss, Government, Hot stuff, MITRE, News, USA, vulnerability assessment /

CISA looks to partners to shore up the future of the CVE Program 2025-09-12 at 15:32 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders

CISA looks to partners to shore up the future of the CVE Program Read More »

CISA: CVE Program to Focus on Vulnerability Data Quality

CISA, CVE, Government /

CISA: CVE Program to Focus on Vulnerability Data Quality 2025-09-12 at 14:01 By Ionut Arghire CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data. The post CISA: CVE Program to Focus on Vulnerability Data Quality appeared first on SecurityWeek. This article is an

CISA: CVE Program to Focus on Vulnerability Data Quality Read More »

US, Allies Push for SBOMs to Bolster Cybersecurity

Application Security, CISA, guidance, Risk Management, SBOM /

US, Allies Push for SBOMs to Bolster Cybersecurity 2025-09-04 at 13:52 By Ionut Arghire SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency. The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

US, Allies Push for SBOMs to Bolster Cybersecurity Read More »

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

CISA, Don't miss, Git, Hot stuff, News, PoC, software development, vulnerability /

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) 2025-08-26 at 13:47 By Zeljka Zorz CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) Read More »

Organizations Warned of Exploited Git Vulnerability

CISA, CISA KEV, exploited, Git, Vulnerabilities /

Organizations Warned of Exploited Git Vulnerability 2025-08-26 at 11:29 By Ionut Arghire CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution. The post Organizations Warned of Exploited Git Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Exploited Git Vulnerability Read More »

CISA Requests Public Feedback on Updated SBOM Guidance

Application Security, CISA, guidance, SBOM, Supply Chain Security /

CISA Requests Public Feedback on Updated SBOM Guidance 2025-08-25 at 13:54 By Ionut Arghire CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment. The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

CISA Requests Public Feedback on Updated SBOM Guidance Read More »

Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)

0-day, CISA, Don't miss, Hot stuff, MSP, N-able, News, remote management, vulnerability /

Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876) 2025-08-14 at 13:33 By Zeljka Zorz Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitation, but the confirmation came from

Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876) Read More »

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

CISA, cloud security, Don't miss, Email, enterprise, Hot stuff, hybrid IT, Microsoft Exchange, News /

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) 2025-08-07 at 17:40 By Zeljka Zorz “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft has announced on Wednesday.

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) Read More »

It’s time to sound the alarm on water sector cybersecurity

CISA, CISO, critical infrastructure, cyber risk, cybersecurity, News, Semperis, strategy, tips /

It’s time to sound the alarm on water sector cybersecurity 2025-08-01 at 09:07 By Sinisa Markovic A cyberattack on a water facility can put entire communities and businesses at risk. Even a short disruption in clean water supply can have serious public health and safety consequences, and threat actors know the damage they can cause.

It’s time to sound the alarm on water sector cybersecurity Read More »

Senate Committee Advances Trump Nominee to Lead CISA

CISA, Government, Sean Plankey /

Senate Committee Advances Trump Nominee to Lead CISA 2025-07-30 at 22:36 By Associated Press Committee Members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency. The post Senate Committee Advances Trump Nominee to Lead CISA appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Senate Committee Advances Trump Nominee to Lead CISA Read More »

Organizations Warned of Interlock Ransomware Attacks

alert, CISA, Ransomware /

Organizations Warned of Interlock Ransomware Attacks 2025-07-23 at 14:35 By Ionut Arghire The US government has issued an alert on the Interlock ransomware, which targets organizations via drive-by download attacks. The post Organizations Warned of Interlock Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Interlock Ransomware Attacks Read More »

Scroll to Top