Tag: cisa
-
CISA Issues Five New ICS Advisories on Emerging Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, healthcare, infrastructure, software, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released five critical advisories on December 2, 2025, addressing high-severity vulnerabilities affecting industrial control systems across multiple vendors. The advisories span video surveillance platforms, intelligent metering gateways, medical imaging software, and manufacturing control systems, collectively impacting critical infrastructure sectors worldwide, including energy, healthcare, and water systems. The most…
-
CISA Warns of Severe Flaws in Nuclear Med Tracking Software
Mirion Medical Says Bugs Are Fixed in New Release of BioDose/NMIS Software. U.S. federal authorities are warning that several high-severity vulnerabilities discovered in Mirion Medical Co. inventory tracking software used by nuclear medicine departments could allow attackers to modify program executables and gain access to sensitive information. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisa-warns-severe-flaws-in-nuclear-med-tracking-software-a-30189
-
U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26829 (CVSS score of 5.4), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a cross-site scripting (XSS) flaw that impacts Windows and Linux versions via system_settings.shtm.…
-
U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26829 (CVSS score of 5.4), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a cross-site scripting (XSS) flaw that impacts Windows and Linux versions via system_settings.shtm.…
-
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, linux, software, vulnerability, windows, xssThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via First seen on…
-
Cyberbehörde warnt: Signal- und Whatsapp-Nutzer laufend mit Spyware attackiert
Zuletzt sind wiederholt Spyware-Attacken auf Nutzer von Whatsapp und Signal beobachtet worden. Die Cisa warnt und benennt Schutzmaßnahmen. First seen on golem.de Jump to article: www.golem.de/news/cyberbehoerde-warnt-signal-und-whatsapp-nutzer-laufend-mit-spyware-attackiert-2511-202654.html
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/state-backed-spyware-attacks-are-targeting-signal-and-whatsapp-users-cisa-warns
-
CISA urges mobile security as it warns of sophisticated spyware attacks
The agency’s rare warning about spyware activity comes as it updated mobile security guidance to reflect evolving threats. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-spyware-alert-messaging-apps-security-warning/806429/
-
CISA urges mobile security as it warns of sophisticated spyware attacks
The agency’s rare warning about spyware activity comes as it updated mobile security guidance to reflect evolving threats. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-spyware-alert-messaging-apps-security-warning/806429/
-
CISA warns spyware crews are breaking into Signal and WhatsApp accounts
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise ‘high-value’ mobile users First seen on theregister.com Jump to article: www.theregister.com/2025/11/25/cisa_spyware_gangs/
-
Spyware and RATs used to target WhatsApp and Signal Users
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of threat actors using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal.…
-
CISA alert draws attention to spyware’s targeting of messaging apps
The agency’s brief notice also directed messaging app users to advice on how to protect themselves. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps/
-
Ex-CISA officials, CISOs dispel ‘hacklore,’ spread cybersecurity truths
Don’t believe everything you read First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/hacklore_launch/
-
CISA alert draws attention to spyware’s targeting of messaging apps
The agency’s brief notice also directed messaging app users to advice on how to protect themselves. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps/
-
Ex-CISA officials, CISOs dispel ‘hacklore,’ spread cybersecurity truths
Don’t believe everything you read First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/hacklore_launch/
-
‘Critical’ Flaw In Oracle Fusion Middleware Exploited In Attacks
Tags: attack, cisa, cyberattack, cybersecurity, exploit, flaw, identity, infrastructure, oracle, tool, vulnerabilityA critical-severity vulnerability that impacts the Identity Manager tool within Oracle’s Fusion Middleware platform has seen exploitation in cyberattacks, according to the U.S. Cybersecurity and Infrastructure Security Agency. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-critical-flaw-in-oracle-fusion-middleware-exploited-in-attacks
-
‘Critical’ Flaw In Oracle Fusion Middleware Exploited In Attacks
Tags: attack, cisa, cyberattack, cybersecurity, exploit, flaw, identity, infrastructure, oracle, tool, vulnerabilityA critical-severity vulnerability that impacts the Identity Manager tool within Oracle’s Fusion Middleware platform has seen exploitation in cyberattacks, according to the U.S. Cybersecurity and Infrastructure Security Agency. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-critical-flaw-in-oracle-fusion-middleware-exploited-in-attacks
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/cisa_oracle_identity_manager/
-
CISA Urges Patch of Actively Exploited Flaw in Oracle Identity Manager
The US cybersecurity agency has added the critical flaw to its Known Exploited Vulnerabilities list First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-kev-oracle-identity-manager/
-
Security Affairs newsletter Round 551 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, cisa, cyberespionage, email, international, malware, oracle, supply-chain, WeeklyReviewA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks U.S. CISA adds an Oracle…
-
CISA Issues Warning as Hackers Target Oracle Identity Manager RCE Flaw
Tags: authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, hacker, identity, infrastructure, kev, oracle, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-2025-61757, affects Oracle Identity Manager, part of Oracle Fusion Middleware. The flaw is rated as a “missing authentication for critical…
-
U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a missing authentication for a critical function that…
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, identity, infrastructure, kev, oracle, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated First seen…