Tag: cisa
-
CISA on Life Support
The latest shutdown may be temporary, but the damage at CISA is not. Staffing cuts, stalled leadership and political crossfire have hollowed out what was once a bright spot in federal cybersecurity. When institutions built on trust and coordination lose people and mission clarity, the risks extend far beyond Washington. First seen on securityboulevard.com Jump…
-
Binding Operational Directive 26-02 sets deadlines for edge device replacement
Tags: cisaIn this Help Net Security video, Jen Sovada, General Manager, Public Sector at Claroty, explains CISA’s Binding Operational Directive 26-02 and what it means for federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/cisa-binding-operational-directive-26-02-edge-device-video/
-
Hackers target vulnerabilities in Roundcube Webmail
CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-target-vulnerabilities-in-roundcube-webmail/812839/
-
Recently patched RoundCube flaws now exploited in attacks
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-recently-patched-roundcube-flaws-now-exploited-in-attacks/
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
Security Affairs newsletter Round 564 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data…
-
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Roundcube is a popular webmail platform and has been repeatedly targeted…
-
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2025-49113 (CVSS score: 9.9) – A deserialization of untrusted data vulnerability that allows remote code First seen on thehackernews.com…
-
News brief: 6 Microsoft zero days and a warning from CISA
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366639010/News-brief-6-Microsoft-zero-days-and-a-warning-from-CISA
-
BeyondTrust RCE flaw now exploited in ransomware attacks
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, hacker, infrastructure, ransomware, rce, remote-code-execution, vulnerabilityHackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks/
-
CISA gives federal agencies three days to patch actively exploited Dell bug
Hardcoded credential flaw in RecoverPoint already abused in espionage campaign First seen on theregister.com Jump to article: www.theregister.com/2026/02/20/cisa_dell_vulnerability/
-
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is…
-
CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days/
-
Flaws in Google and Microsoft products added to Cisa catalogue
Cisa has added six CVEs to its Kev catalogue this week, including newly disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
-
Flaws in Google, Microsoft products added to Cisa catalogue
Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
-
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…
-
CISA Warns of Actively Exploited Google Chromium 0″‘Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Google Chromium engine to its Known Exploited Vulnerabilities (KEV) catalog. Tracking as CVE-2026-2441, this security flaw is currently being actively exploited in the wild. The agency’s inclusion of this bug serves as a mandate for federal agencies to apply necessary…
-
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit…
-
(g+) Cisa-Warnung: Diese Schwachstellen sollten ganz hoch auf die Patch-Agenda
Aktiv ausgenutzte Schwachstellen: Die Cisa listet Solarwinds Web Help Desk, Notepad++ WinGUp und Apple dyld Zero Day. Was Admins jetzt konkret tun sollten. First seen on golem.de Jump to article: www.golem.de/news/cisa-warnung-diese-schwachstellen-sollten-ganz-hoch-auf-die-patch-agenda-2602-205457.html
-
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-beyondtrust-flaw-within-three-days/
-
Critical Airleader Vulnerability Exposes Systems to Exploitable Remote Attacks
Tags: attack, cisa, control, cve, cvss, cyber, flaw, infrastructure, remote-code-execution, risk, software, vulnerabilityA critical security vulnerability in Airleader Master software has been disclosed by CISA, exposing industrial control systems across multiple critical infrastructure sectors to potential remote code execution attacks. The flaw, tracked as CVE-2026-1358, affects versions up to and including 6.381 and carries a maximum CVSS score of 9.8, indicating severe risk to affected systems. The…
-
CISA Issues Alert on ZLAN ICS Flaws Enabling Full Device Takeover
Tags: advisory, cisa, cyber, cybersecurity, flaw, infrastructure, network, technology, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding significant security flaws discovered in industrial networking equipment manufactured by ZLAN Information Technology Co. The alert, identified as ICSA-26-041-02, focuses on the ZLAN5143D serial-to-Ethernet device server, a component widely utilized to bridge legacy serial devices with modern network infrastructure. These vulnerabilities pose…
-
Don’t panic over CISA’s KEV list, use it smarter
In this Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains what CISA’s Known Exploited Vulnerabilities (KEV) Catalog is and how security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/cisa-kev-catalog-video/
-
Security Affairs newsletter Round 563 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, breach, cisa, data, data-breach, email, fintech, flaw, international, phishing, WeeklyReviewA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…
-
U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to…