Tag: cisa
-
CISA releases technology readiness list for post-quantum cryptography
PQC standards and algorithm roadmap: The CISA advisory is aimed at aligning technologies with the nascent PQC standards now added into federal policy. NIST’s post-quantum standardization project and its Federal Information Processing Standards (FIPS) publications formed the baseline for the advisory. These include FIPS 203, which specifies the Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) based on the…
-
CISA Flags Actively Exploited VMware vCenter RCE Flaw in KEV Catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vcenter, vmware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real-world attacks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vmware-vcenter-cve-2024-37079-exploited/
-
CISA publishes a post-quantum shopping list for agencies. Security professionals aren’t sold
A guide aims to help tech buyers navigate their switch to post-quantum encryption, but experts cautioned that most products and backend internet protocols have yet to be updated. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-post-quantum-cryptography-procurement-guide-expert-criticism/
-
CISA Releases List of Post-Quantum Cryptography Product Categories
CISA released an initial list of PQC-capable hardware and software to guide companies amid quantum threats. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-post-quantum-cryptography/
-
CISA says critical VMware RCE flaw now actively exploited
CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/
-
Security Affairs newsletter Round 560 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Osiris ransomware emerges, leveraging BYOVD technique to kill security tools U.S. CISA adds a flaw in…
-
U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024-37079 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a centralized management platform developed…
-
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow…
-
CISA confirms active exploitation of four enterprise software bugs
The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-confirms-active-exploitation-of-four-enterprise-software-bugs/
-
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows: CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow…
-
CISA Updates KEV Catalog with 4 Critical Vulnerabilities Following Ongoing Exploits
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, software, update, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were added on January 22, 2026, with a standardized deadline of February 12, 2026, requiring federal agencies and critical infrastructure operators to implement patches or mitigations.…
-
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities…
-
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
Tags: attack, cisa, cisco, communications, cve, cyber, exploit, flaw, kev, rce, remote-code-execution, service, vulnerability, zero-day
CISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV) catalog. Added on January 21, 2026, this flaw affects multiple Cisco Unified Communications products, including Unified CM, Unified CM Session Management Edition (SME), Unified CM IM & Presence Service, Cisco…
-
Active Exploitation Of Fortinet SSO Flaw Targets Firewalls For Admin Takeover
Tags: access, authentication, cisa, cve, cvss, cyber, data-breach, exploit, firewall, flaw, fortinet, Internet, malicious, threat, vulnerability
Threat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining admin access on internet-exposed devices. Fortinet disclosed them on December 9, 2025, with CVSS scores of 9.8, and CISA added CVE-2025-59718 to its Known Exploited…
-
U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog
Tags: cisa, cisco, communications, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability, zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Unified Communications products vulnerability, tracked as CVE-2026-20045 (CVSS score of 8.2), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco patched a critical zero-day…
-
Congressional appropriators move to extend information-sharing law, fund CISA
The legislation also includes mandates on election security funding and CISA staff levels, as well as an extension of a state and local cyber grant program. First seen on cyberscoop.com Jump to article: cyberscoop.com/congressional-appropriators-move-to-extend-information-sharing-law-fund-cisa/
-
UK authorities warn of pro-Russia groups targeting critical infrastructure, local government
The alert comes just over a month after a joint advisory from CISA, the FBI and Western allies citing hacktivist activity against OT providers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/uk-warn-pro-russia-critical-infrastructure/809992/
-
Lawmakers move to extend two cyber programs (again) in funding proposal
The extension in the $1.2 trillion funding deal is the latest short-term solution in a monthslong saga for CISA 2015, which provides liability protections to encourage private companies to share digital threat information with the federal government. First seen on therecord.media Jump to article: therecord.media/lawmakers-move-to-extend-two-cyber-programs-again
-
Why the future of security starts with who, not where
Tags: access, attack, cisa, ciso, cloud, compliance, control, cybersecurity, data, framework, google, identity, mfa, monitoring, network, nist, passkey, password, resilience, risk, saas, wifi, zero-trust
Cloud + remote work = No perimeter: Now, with remote work and the cloud, there’s no real perimeter left. People connect from home Wi-Fi, personal laptops, airports, coffee shops, you name it. At the same time, company data and workloads are scattered across AWS, Azure, Google Cloud and various SaaS platforms. The old rules just…
-
Acting CISA Director Pushed to Remove Agency CIO
The drama at the Cybersecurity and Infrastructure Security Agency is not helpful when it needs to focus on defending networks and infrastructure. The post Acting CISA Director Pushed to Remove Agency CIO appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-leadership-crisis/
-
CISA’s secure-software buying tool had a simple XSS vulnerability of its own
A researcher who discovered the vulnerability said it was fixed in December, after he first reported it to the agency in September. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-secure-software-buying-tool-had-a-simple-xss-vulnerability-of-its-own/
-
CISA, Allies Sound Alarm on OT Network Exposure
Joint US, UK and Five Eyes Guidance Flags OT Exposure as National Risk. U.S. and allied cyber agencies issued new guidance warning that insecure operational technology connectivity – driven by remote access, third-party vendors and IT integration – remains a major threat vector, enabling cyber intrusions to escalate into physical disruptions. First seen on govinfosecurity.com…
-
CISA Issues New AI Security Guidance for Critical Infrastructure
CISA and international partners issued new guidance on securing AI in operational technology, warning of OT risks and urging stronger governance and safeguards. The post CISA Issues New AI Security Guidance for Critical Infrastructure appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-ai-security-guidance-2026/
-
Trump Renominates Sean Plankey to Lead CISA
Former NSC Cyber Adviser Renominated to Lead CISA Amid Ongoing Senate Gridlock. The White House has renominated Sean Plankey to head CISA, reviving a stalled bid hindered by Senate holds and demands to release a report on telecom sector threats linked to China, as the agency continues to operate without a permanent director amid rising…
-
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Tags: access, advisory, attack, authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, kev, mitigation, threat, update, vpn, vulnerability, zero-day
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have historically been common targets for cyber attackers, with 23 Fortinet CVEs currently on the CISA KEV list. Public exploit code has…
-
Trump resubmits Sean Plankey for CISA director
Tags: cisa
It’s unclear when the Senate will act on Plankey’s nomination, which stalled last year after multiple senators blocked it. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-trump-renominate-sean-plankey/809614/
-
US cybersecurity weakened by congressional delays despite Plankey renomination
Tags: business, cisa, cyber, cybersecurity, government, infrastructure, law, network, risk, strategy, threat
CISA 2015 reauthorization: Likely, but late and suboptimal: A major cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which expired on Sept. 30, was temporarily revived on Nov. 13 and given a two-month lease on life through Jan. 30, 2026. The law provides critical legal liability protections that enable cyber threat…

