Tag: cisa
-
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-34291 (CVSS score: 9.4) – An origin validation error vulnerability in Langflow that could…
-
CISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in Attacks
CISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively being exploited in real-world attacks. The issue, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micro Apex One and poses a significant risk to enterprise environments.
-
CISA to allow researchers to report vulnerabilities to exploited bugs catalog
The Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog. First seen on therecord.media Jump to article: therecord.media/cisa-to-allow-researchers-to-report-vulnerabilities-kev
-
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
Tags: adobe, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 (CVSS v3.1 score of 9.8) is a…
-
Lawmakers from both parties say CISA cuts have gone too far
Reps. Don Bacon, R-Neb., and James Walkinshaw, D-Va., found rare bipartisan agreement that the agency tasked with defending civilian networks has been diminished at a moment when threats from China and others are growing. First seen on cyberscoop.com Jump to article: cyberscoop.com/lawmakers-bipartisan-cisa-budget-cuts/
-
CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements/
-
CISA asks cybersecurity community to alert it to vulnerability exploitation
The agency wants to ensure that its public catalog of actively exploited flaws is as comprehensive as possible. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-cve-vulnerability-exploitation-nominations/820870/
-
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/21/microsoft-defender-vulnerabilities-cve-2026-41091-cve-2026-45498/
-
CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository
CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords. The post CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-contractor-github-credential-leak/
-
Senator presses CISA for answers about alleged GitHub repository leak
U.S. Senator Maggie Hassan (D-NH) sent a letter to the acting director of the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday demanding answers about an alleged breach uncovered by cybersecurity reporter Brian Krebs involving government contractor Nightwing. First seen on therecord.media Jump to article: therecord.media/hassan-presses-cisa-github-leak
-
Passwords leaked on GitHub: Embarrassing data breach at US cyber agency CISA
Researchers found internal CISA data in a public GitHub repo. They initially took the find for a prank, but it was not one. First seen on golem.de Jump to article: www.golem.de/news/passwoerter-auf-github-geleakt-peinliche-datenpanne-bei-us-cyberbehoerde-cisa-2605-208857.html
-
CISA credential leak raises alarms, and Capitol Hill demands answers
A researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-credential-leak-congress-demands-answers/
-
CISA GitHub Leak Exposes AWS GovCloud Secrets
A public GitHub repository tied to a CISA contractor reportedly exposed AWS GovCloud credentials and internal deployment data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisa-github-leak-exposes-aws-govcloud-secrets/
-
CISA Exposes Secrets, Credentials in ‘Private’ Repo
The agency’s GitHub repository, publicly available since November 2025, was ironically named Private-CISA. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisa-exposes-secrets-credentials-private-repo
-
In stunning display of stupid, secret CISA credentials found in public GitHub repo
SSH keys, plaintext passwords, other sensitive data had been up since November 2025. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/in-stunning-display-of-stupid-secret-cisa-credentials-found-in-public-github-repo/
-
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
The federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/us-cyber-agency-cisa-exposed-reams-of-passwords-and-cloud-keys-to-the-open-web/
-
CISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub Repository
Tags: cisa, credentials, cyber, cybersecurity, data, data-breach, github, government, infrastructure
A significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, disclosed by security researchers on May 15, 2026, is being described as one of the most serious government-related data exposures in…
-
Former CISA nominee Sean Plankey named US CEO of defense startup
UFORCE, a London-based company founded by Ukrainians, is looking to make drones in America. First seen on cyberscoop.com Jump to article: cyberscoop.com/former-cisa-nominee-sean-plankey-named-us-ceo-of-defense-startup/
-
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, threat, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft warned that threat actors are…
-
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.” First seen on therecord.media Jump to article: therecord.media/cisa-orders-all-federal-agencies-to-patch-cisco-sd-wan-bug
-
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s First seen on thehackernews.com…
-
U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Cisco fixed CVE-2026-20182, a flaw in SD-WAN control…
-
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and join a NATS-backed botnet-style worker pool dubbed “KeyHunter.” The vulnerability, now listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog, affects Langflow’s public flow-building endpoint and allows arbitrary Python execution without…
-
Why patching SLAs should be the floor, not the strategy
SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
-
U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of April, attackers rapidly exploited the critical…
-
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti warns customers…
-
Has CISA Finally Found Its New Leader in Tom Parker?
Dark Reading investigates rumors that Tom Parker, a board room ‘operator’ and longtime cyber exec, could be next in line to take over CISA. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisa-new-leader-tom-parker
-
CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk
CISA warns that the nine-year-old Linux Copy Fail flaw is being actively exploited, allowing local attackers to gain root access on affected systems. The post CISA Warning: High-Severity Linux Flaw Puts Unpatched Systems at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-linux-kernel-vulnerability-root-access-cisa-warning/
-
U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-2026-0300 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a buffer…

