Tag: cisa
-
CISA warns of max severity Ubiquiti flaws exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/
-
U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: The first flaw, tracked…
-
CISA Adds Ubiquiti UniFi OS Flaws to KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, network, office, risk, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog. This highlights the increasing risk to both enterprise and small-office network environments that rely on this popular network management platform. The newly identified flaws, CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, affect UniFi OS…
-
CISA urges device hardening after thousands of Fortinet credentials compromised
Security researchers warn of a months-long FortiBleed campaign targeting western organizations. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-device-hardening-thousands-fortinet-credentials-compromised/823397/
-
Security Affairs newsletter Round 582 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Inside GentleKiller: The EDR-Killer Powering The Gentlemen FortiBleed Exposes Global Credential-Spraying Operation CISA Warns of Active…
-
CISA Warns of Active Exploitation Following FortiBleed Leak
FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued an emergency alert after reports surfaced that credentials for approximately 74,000 Fortinet firewalls and VPN gateways had been leaked in what researchers are calling FortiBleed. The agency confirmed that threat actors were actively…
-
U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, service, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw CVE-2026-20253 is an improper authentication vulnerability in the PostgreSQL sidecar service of…
-
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/splunk-vulnerability-cve-2026-20253-exploited/
-
Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/
-
CISA warns Fortinet users to secure devices after FortiBleed leak
Tags: cisa, credentials, cybersecurity, data, data-breach, firewall, fortinet, infrastructure, leak, vpn
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/
-
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at First seen…
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chain
Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
Critical security vulnerability in Joomla JCE actively exploited
The US agency CISA is warning of a critical vulnerability in the Joomla Content Editor. Attackers can execute malicious code without authentication. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/joomla-jce-sicherheitsluecke
-
CISA Urges OT Resilience in Dark Remarks About Cyberattacks
Tags: banking, china, cisa, cyber, cyberattack, defense, infrastructure, Internet, military, resilience, russia, service
Vital Service Providers Need a Plan to Work Through Internet Outages, CISA Says. Critical U.S. infrastructure like water, power and even banking systems will be successfully hacked by enemy cyber warriors in the event of a military confrontation with a peer adversary like Russia or China, officials from the nation’s civilian cyber defense agency said.…
-
CISA warns of actively exploited CVE-2024-21182 – old Oracle WebLogic flaw endangers more than 1,500 unpatched servers
First seen on security-insider.de Jump to article: www.security-insider.de/oracle-weblogic-cve-2024-21182-t3-iiop-cisa-kev-a-b4ce296b16240c31441f41897cf80448/
-
Miggo adds SSVC scoring as CISA moves beyond CVSS-based vulnerability prioritization
First seen on scworld.com Jump to article: www.scworld.com/brief/miggo-adds-ssvc-scoring-as-cisa-moves-beyond-cvss-based-vulnerability-prioritization
-
Major critical infrastructure disruptions are inevitable, acting CISA chief says
In recent years, the U.S. government has reoriented its cybersecurity strategy away from prevention and toward resilience. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cybersecurity-resilience-critical-infrastructure-cisa-nick-andersen/823166/
-
U.S. CISA adds Widget Factory Joomla Content Editor flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Widget Factory Joomla Content Editor (JCE) flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Widget Factory Joomla Content Editor (JCE) flaw, tracked as CVE-2026-48907 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. >>A vulnerability in the JCE…
-
What CISA’s new remediation directive means for CISOs
CISA’s updated directive for federal agencies compresses mandatory patching timelines to just three days for high-risk flaws, urging practitioners to ‘patch smarter, not harder.’ First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366644336/What-CISAs-new-remediation-directive-means-for-CISOs
-
Warner warns of CISA cuts, staffing gaps in letter to acting chief
Tags: cisa
Warner on Tuesday also wrote a letter to DHS Secretary Markwayne Mullin, underscoring that DHS must prioritize CISA and pay for the MS-ISAC. First seen on therecord.media Jump to article: therecord.media/warner-warns-of-cisa-cuts-staffing-shortages

