Tag: cisa
-
CISA warns of Emerson ValveLink: security vulnerabilities in a solution for industrial control systems
Tags: cisa
First seen on security-insider.de Jump to article: www.security-insider.de/cisa-warnung-sicherheitsluecken-emersons-valvelink-software-a-3ddc33466f3109fbb83c0638a95b1e25/
-
New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Hackers are exploiting a new TeleMessage SGNL flaw that exposes sensitive data. CISA warns agencies to patch or stop using it by July 22. First seen on hackread.com Jump to article: hackread.com/telemessage-sgnl-flaw-actively-exploited-by-attackers/
-
Breach Roundup: Fashion House Louis Vuitton Confirms Breach
Also: CISA Warns of Unpatched Train Brake Vulnerability. This week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier. First seen on govinfosecurity.com Jump to article:…
-
‘FRED’ Security FAIL, Ignored by US Rail for 20 YEARS
BCH vs. SDR, AAR vs. CISA: Railroad industry first warned about this nasty vulnerability in 2005. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/train-fred-vuln-20-years-richixbw/
-
U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47812, to its Known Exploited Vulnerabilities (KEV) catalog. Wing FTP Server is a secure and flexible file transfer solution that supports multiple protocols, including FTP,…
-
CISA Flags Remote Linking Protocol Flaws Allowing Attackers to Hijack Train Brake Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority security alert warning of serious vulnerabilities in railway brake control systems that could allow attackers to commandeer train operations and potentially cause catastrophic accidents. The alert, published on July 10, 2025, identifies critical flaws in the End-of-Train and Head-of-Train remote linking protocol used across…
-
CISA Issues Alert on Actively Exploited Wing FTP Server Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Wing FTP Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the security flaw in the wild. Critical Security Flaw Enables System Takeover: The vulnerability, tracked as CVE-2025-47812, affects Wing FTP Server and involves improper neutralization of null…
-
An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance
A 20-year-old flaw in End-of-Train and Head-of-Train systems could let hackers trigger emergency braking, finally getting proper attention. US CISA has warned about a critical flaw, tracked as CVE-2025-1727, in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems. An End-of-Train (EoT) device, also known as a Flashing Rear End Device (FRED), is…
-
Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns
A critical vulnerability in products from the file transfer company Wing FTP Server is being actively exploited, the Cybersecurity and Infrastructure Security Agency said. First seen on therecord.media Jump to article: therecord.media/exploited-file-transfer-bug-cisa
-
A software-defined radio can derail a US train by slamming the brakes on remotely
Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there. First seen on theregister.com Jump to article: www.theregister.com/2025/07/14/train_brakes_flaw/
-
‘Critical’ Citrix NetScaler Vulnerability Now Seeing Exploitation: CISA
CISA ordered Federal Civilian Executive Branch agencies to implement fixes for a critical-severity vulnerability affecting two Citrix NetScaler products by end of day Friday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/critical-citrix-netscaler-vulnerability-now-seeing-exploitation-cisa
-
CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
The U.S. cybersecurity agency gave federal agencies just one day to patch a security bug in Citrix Netscaler, which can be exploited to break into corporate and government networks. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/11/cisa-confirms-hackers-are-actively-exploiting-critical-citrix-bleed-2-bug/
-
CISA confirms hackers are actively exploiting critical ‘Citrix Bleed 2’ bug
The U.S. cybersecurity agency gave federal agencies just one day to patch a security bug in Citrix Netscaler, which can be exploited to break into corporate and government networks. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/11/cisa-confirms-hackers-are-actively-exploiting-critical-citrix-bleed-2-bug/
-
Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw
Critics have faulted Citrix for not updating its guidance in recent days, even as concerns grow about a resumption of the 2023 CitrixBleed crisis. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/researchers-cisa-exploitation-citrix-netscaler/752819/
-
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
The one-day deadline issued by CISA on Thursday appears to be the shortest one ever issued. Federal civilian agencies are typically given three weeks to patch bugs added to the known exploited vulnerability catalog. First seen on therecord.media Jump to article: therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
-
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/
-
ISACA Addresses Experience Gap with CISA Associate Designation
Tags: cisa
The new CISA Associate designation recognizes ISACA members who have passed the CISA exam but do not yet have the required experience. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/isaca-cisa-associate-designation/
-
CISA Alerts on Active Exploits Targeting Citrix NetScaler ADC and Gateway Flaw
Tags: cisa, citrix, cve, cyber, cybersecurity, exploit, flaw, infrastructure, network, risk, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding active exploitation of a newly discovered vulnerability in Citrix NetScaler ADC and Gateway systems, with organizations facing an immediate deadline to implement protective measures. The vulnerability, designated CVE-2025-5777, poses significant security risks to enterprise networks worldwide and has been added to CISA’s…
-
CISA Issues 13 New Advisories on Industrial Control System Vulnerabilities and Exploits
Tags: cisa, control, cyber, cybersecurity, exploit, infrastructure, mitigation, threat, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) released thirteen new Industrial Control Systems (ICS) advisories, spotlighting a range of security vulnerabilities and potential exploits affecting critical infrastructure components. These advisories are a vital resource for organizations relying on ICS technologies, offering detailed technical insights into current threats and actionable mitigations to safeguard operations. With industries…
-
U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Citrix NetScaler ADC and Gateway flaw, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2025-5777 flaw, dubbed ‘CitrixBleed 2’ (CVSS v4.0 Base Score…
-
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming in question is CVE-2025-5777 (CVSS score: 9.3), an instance of insufficient input validation that First seen…
-
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
Add CISA to the list. First seen on theregister.com Jump to article: www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
-
Trump seeks unprecedented $1.23 billion cut to federal cyber budget
Tags: attack, cisa, cyber, cybersecurity, data, government, infrastructure, jobs, network, nist, office, risk, risk-management, service, strategy, technology, threat
Cynthia Brumfield / CSO (The chart is based on White House data provided for 2017, 2018, 2019, 2020, 2021, 2022, and 2023. Numbers for 2024, 2025, and 2026 reflect adjustments that Trump’s OMB made for 2024 and 2025.) The administration’s cybersecurity budget cuts are not evenly distributed among federal agencies. In fact, according to crosscut tables released…
-
Security coalition urges Congress to renew 2015 CISA law
A group of top cybersecurity and technology firms said the law provided critical protections for sharing essential vulnerability information. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cyber-information-sharing-law-congress-reauthorize-security-coalition-letter/752454/
-
U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to…
-
CISA Alerts on Active Exploit of Ruby on Rails Path Traversal Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical path traversal vulnerability in Ruby on Rails, designated as CVE-2019-5418. The agency added this five-year-old security flaw to its Known Exploited Vulnerabilities (KEV) catalog on July 7, 2025, signaling that threat actors are actively leveraging this…
-
CISA Alerts on Active Exploitation of PHPMailer Command Injection Flaw
Tags: cisa, cyber, cybersecurity, email, exploit, flaw, infrastructure, injection, open-source, threat, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding the active exploitation of a long-standing vulnerability in PHPMailer, a widely used open-source email-sending library for PHP applications. The flaw, tracked as CVE-2016-10033, poses a significant threat to organizations relying on PHPMailer for email functionality within their web applications. Vulnerability Overview: The PHPMailer…
-
CISA Issues Alert Over Actively Exploited Flaw in Zimbra Collaboration Suite
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), urging organizations to take immediate action to mitigate the threat. The flaw, tracked as CVE-2019-9621, is a server-side request forgery (SSRF) vulnerability that resides in the ProxyServlet component of ZCS and has…

