Tag: cisa
-
CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang
Check Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/09/cisa-gives-us-federal-agencies-three-days-to-fix-a-vpn-bug-under-attack-by-a-ransomware-gang/
-
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
Acting director Nick Andersen said a binding operational directive is en route for agencies, and that more specific discussions need to happen with critical infrastructure owners. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-cyber-risk-prioritization-vulnerability-directive/
-
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
Tags: ai, attack, cisa, cybersecurity, exploit, infrastructure, injection, open-source, vulnerability
A command injection vulnerability (CVE-2026-42271) in BerriAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/09/litellm-vulnerability-under-active-attack-cisa-warns-cve-2026-42271/
-
U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: The CVE-2026-42271…
-
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
Tags: access, attack, cisa, exploit, government, mobile, ransomware, update, vpn, vulnerability, zero-day
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/
-
CISA lists two actively exploited vulnerabilities – Langflow and Apex One: active exploits, new in the KEV catalog
First seen on security-insider.de Jump to article: www.security-insider.de/cisa-kev-langflow-apex-one-aktive-exploits-schadcode-a-88563eb0a1c2fd78349082393699cb39/
-
Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/cisa-patch-actively-exploited-solarwinds-serv-u-dos-vulnerability-cve-2026-28318/
-
Security Affairs newsletter Round 580 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Report: Anthropic Deploys Engineers…
-
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. SolarWinds Serv-U is a managed file transfer (MFT) and secure file…
-
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, risk, service, threat, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service. With active exploitation observed in the wild, this development signals a severe risk to enterprise…
-
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
Tags: cisa, cve, cybersecurity, dos, exploit, flaw, infrastructure, kev, service, software, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash First seen on thehackernews.com…
-
Hackers actively exploit SolarWinds Serv-U flaw to crash servers, CISA warns
First seen on scworld.com Jump to article: www.scworld.com/brief/hackers-actively-exploit-solarwinds-serv-u-flaw-to-crash-servers-cisa-warns
-
Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-hackers-now-exploit-solarwinds-serv-u-flaw-to-crash-servers/
-
Ex-CISA CIO Breaks Down Trump’s New AI Executive Order
Bob Costello on Voluntary Plan’s Impact on Collaboration – and CISA’s Pivotal Role. Former CISA CIO Bob Costello said President Trump’s voluntary AI cybersecurity review order provides a workable foundation for government-industry collaboration, though agencies will need time and resources to meet accelerated 30-day evaluations of advanced AI systems. First seen on govinfosecurity.com Jump to…
-
New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems
CISA warns attackers are targeting internet-exposed Automatic Tank Gauge systems used in fuel storage. Here’s what operators should fix now. The post New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-atg-systems-fuel-storage-cyberattacks/
-
CISA Issues Alert on Actively Exploited Linux Kernel Security Flaw
Tags: authentication, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, linux, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert warning organizations about the active exploitation of a Linux kernel vulnerability tracked as CVE-2022-0492. The flaw, categorized as an improper authentication issue, affects Linux systems using the cgroups v1 release_agent feature and can allow attackers to escalate privileges within compromised environments. Linux…
-
Trump considers Palantir exec to lead CISA
Shyam Sankar, the chief technology officer at Palantir Technologies, has emerged as a lead contender for the long vacant Cybersecurity and Infrastructure Security Agency (CISA) director role, according to the sources, who requested anonymity to discuss the administration’s search. First seen on therecord.media Jump to article: therecord.media/trump-considers-palantir-exec-to-lead-cisa
-
Hill Dems hammer GOP for $250M CISA budget cut
Tags: cisa
A House Appropriations subcommittee is set to mark up fiscal 2027 DHS funding legislation Friday. First seen on cyberscoop.com Jump to article: cyberscoop.com/hill-dems-hammer-gop-for-250m-cisa-budget-cut/
-
DHS Secretary Says Smaller CISA Can Handle New Duties
Secretary Mullin Defends Trump’s CISA Cuts Despite New Duties – and Threats. Homeland Security Secretary Markwayne Mullin told lawmakers that CISA can remain effective despite losing more than 1,000 employees by relying more heavily on state governments, private-sector partners and grant funding, even as Congress questions the agency’s capacity and expanding mission. First seen on…
-
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS ver 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2026-45247 flaw is a…
-
CISA Urges OT Operators to Plan for Worst Case Scenarios
Does No Internet Also Mean No Water or Lights? The latest initiative from the U.S. cyber defense agency aimed at operational technology operators is a little bit different. It’s not advice about how to keep hackers out. It’s not really about cybersecurity at all. CI Fortify is about what to do when cybersecurity fails. First…
-
CISA chief says Trump AI executive order implementation will start soon
The agency, depleted after several rounds of cuts imposed by the White House, insists it can handle its new AI security responsibilities. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-ai-trump-executive-order-implementation/822001/
-
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted First seen…
-
CISA Alerts Users to Actively Exploited Android Framework Security Vulnerability
CISA has issued an urgent alert warning of an actively exploited Android Framework vulnerability, tracked as CVE-2025-48595, and has added it to its Known Exploited Vulnerabilities (KEV) catalog. The agency has set a strict remediation deadline of June 5, 2026, urging organizations to take immediate action to mitigate potential risks associated with this flaw. Android…
-
CISA directive for AI executive order to be released this week, Andersen says
The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore. First seen on therecord.media Jump to article: therecord.media/cisa-directive-for-ai-exec-order-release
-
CISA adds Android and Linux kernel flaws to exploited vulnerabilities catalog
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-adds-android-and-linux-kernel-flaws-to-exploited-vulnerabilities-catalog
-
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers. The post CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-oracle-weblogic-vulnerability-exploited/
-
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/
-
DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels
Tags: cisa
He told lawmakers that he wants approximately 600 more people than it has now, which would still be well below personnel numbers prior to Trump’s second term. First seen on cyberscoop.com Jump to article: cyberscoop.com/dhs-secretary-markwayne-mullin-pinpoints-optimal-cisa-staffing-levels/
-
DHS chief signals efforts to reshape CISA
In his first appearance before the panel since being confirmed in March, Mullin said that CISA probably needs “somewhere around” 2,800 employees, despite its ability to hire up to 3,400. First seen on therecord.media Jump to article: therecord.media/dhs-chief-signals-efforts-to-reshape-cisa

