CISA

Vulnerabilities in CISA KEV Are Not Equally Critical: Report

CISA, CISA KEV, Incident Response, Ox Security, Vulnerabilities, Zero-Day /

Vulnerabilities in CISA KEV Are Not Equally Critical: Report 2025-05-28 at 13:13 By Ionut Arghire New report says organizations should always consider environmental context when assessing the impact of vulnerabilities in CISA KEV catalog. The post Vulnerabilities in CISA KEV Are Not Equally Critical: Report appeared first on SecurityWeek. This article is an excerpt from […]

Vulnerabilities in CISA KEV Are Not Equally Critical: Report Read More »

NIST proposes new metric to gauge exploited vulnerabilities

CISA, CISO, Don't miss, News, NIST, patching, security metrics, vulnerability assessment, vulnerability management /

NIST proposes new metric to gauge exploited vulnerabilities 2025-05-26 at 08:06 By Help Net Security NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a

NIST proposes new metric to gauge exploited vulnerabilities Read More »

Companies Warned of Commvault Vulnerability Exploitation

alert, CISA, Commvault, exploited, Malware & Threats, vulnerability /

Companies Warned of Commvault Vulnerability Exploitation 2025-05-23 at 13:48 By Ionut Arghire CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Companies Warned of Commvault Vulnerability Exploitation Read More »

CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine

APT28, CISA, Malware & Threats, Nation-State, Russia, Ukraine, Unit 26165, Vulnerabilities /

CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine 2025-05-21 at 23:47 By Ryan Naraine Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.  The post CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine Read More »

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers 

CISA, LEV, NIST, prioritization, Vulnerabilities, vulnerability /

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers  2025-05-20 at 15:39 By Eduard Kovacs The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization.  The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers  Read More »

Madhu Gottumukkala Officially Announced as CISA Deputy Director

appointed, CISA, Government, Madhu Gottumukkala /

Madhu Gottumukkala Officially Announced as CISA Deputy Director 2025-05-20 at 13:02 By Eduard Kovacs New CISA Deputy Director Madhu Gottumukkala has joined the agency from South Dakota’s Bureau of Information and Technology. The post Madhu Gottumukkala Officially Announced as CISA Deputy Director appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Madhu Gottumukkala Officially Announced as CISA Deputy Director Read More »

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

Chrome, CISA, Don't miss, Google, Hot stuff, Microsoft Edge, News, security update, vulnerability, vulnerability disclosure /

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »

New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA

CISA, Compliance, Government, IoT, NCSC, secure by design, Security Code of Practice /

New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA 2025-05-07 at 17:58 By Ryan Naraine By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics. The post New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA appeared first on SecurityWeek. This article

New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA Read More »

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations

alert, CISA, Featured, guidance, ICS, ICS/OT, SCADA /

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations 2025-05-07 at 11:17 By Ionut Arghire The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations. The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek. This article is an excerpt

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations Read More »

White House Proposal Slashes Half-Billion from CISA Budget

budget, CISA, CVE, DHS, Government, Incident Response, Nation-State, RSA Conference /

White House Proposal Slashes Half-Billion from CISA Budget 2025-05-05 at 18:31 By Ryan Naraine The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.” The post White House Proposal Slashes Half-Billion from CISA Budget appeared first on SecurityWeek. This article is an excerpt from

White House Proposal Slashes Half-Billion from CISA Budget Read More »

UK retailers under cyber attack: Co-op member data compromised

CISA, Don't miss, Hot stuff, NCSC, News, Ransomware, Retail, social engineering, UK /

UK retailers under cyber attack: Co-op member data compromised 2025-05-05 at 15:17 By Zeljka Zorz UK-based retailers Marks & Spencer, Co-op, and Harrods have been targeted by cyber attackers in the last few weeks. Whether the attacks have been mounted by the same group is difficult to say for sure: the victimized businesses are sharing

UK retailers under cyber attack: Co-op member data compromised Read More »

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

CISA, Don't miss, exploit, Hot stuff, News, PoC, SMBs, SonicWall, vulnerability, WatchTowr /

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) 2025-05-02 at 16:18 By Zeljka Zorz Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog,

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) Read More »

CISA warns about actively exploited Broadcom, Commvault vulnerabilities

Broadcom, CISA, Commvault, data center, Don't miss, email security, Hot stuff, Japan, News, USA /

CISA warns about actively exploited Broadcom, Commvault vulnerabilities 2025-04-29 at 15:47 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT admins

CISA warns about actively exploited Broadcom, Commvault vulnerabilities Read More »

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

CISA, Don't miss, Hot stuff, News, SMBs, SonicWall, vulnerability /

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) 2025-04-18 at 14:47 By Zeljka Zorz CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by changing the description of the vulnerability

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) Read More »

CISA Issues Guidance After Oracle Cloud Hack

CISA, credentials, guidance, Identity & Access, Oracle /

CISA Issues Guidance After Oracle Cloud Hack 2025-04-17 at 14:05 By Eduard Kovacs CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack. The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISA Issues Guidance After Oracle Cloud Hack Read More »

MITRE CVE Program Gets Last-Hour Funding Reprieve

CISA, CVE, CVE Program, Featured, Government, MITRE, Vulnerabilities /

MITRE CVE Program Gets Last-Hour Funding Reprieve 2025-04-16 at 19:36 By Ryan Naraine The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

MITRE CVE Program Gets Last-Hour Funding Reprieve Read More »

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs

CC Krebs, CISA, Election, Government, Krebs Stamos Group, Management & Strategy, SentinelOne /

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs 2025-04-10 at 17:48 By Ryan Naraine Trump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne. The post Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs appeared first on SecurityWeek. This article is

Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs Read More »

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

0-day, CISA, Don't miss, enterprise, file-sharing, Gladinet, Hot stuff, MSP, News /

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) 2025-04-09 at 13:43 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) Read More »

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations

CISA, DNS, fast flux, guidance, Malware & Threats /

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations 2025-04-04 at 15:29 By Ionut Arghire US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations. The post US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server

US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations Read More »

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CISA, Cisco, Don't miss, expl, Hot stuff, News, SANS ISC, vulnerability /

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) 2025-04-03 at 16:15 By Zeljka Zorz CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) Read More »

Scroll to Top