Tag: cisa
-
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including First seen on thehackernews.com…
-
CISA Warns of Active Exploitation of WatchGuard Firebox OutBounds Write Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, firewall, flaw, infrastructure, kev, network, risk, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations relying on these devices for network security. The Vulnerability: WatchGuard Firebox firewalls contain an out-of-bounds write…
-
Federal Shutdown Deal Revives Key CISA Grant, Some Staffing
CISA Pre-Shutdown Staffing Levels, State Grant Program to Be Restored Under Plan. A congressional funding bill would reverse shutdown-era layoffs at the Cybersecurity and Infrastructure Security Agency and restore the $1B State and Local Cybersecurity Grant Program, temporarily stabilizing the agency’s operations and buying Congress time for long-term reforms. First seen on govinfosecurity.com Jump to…
-
Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns
Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an active hacking campaign, the Cybersecurity and Infrastructure Security Agency warned. First seen on therecord.media Jump to article: therecord.media/federal-cisco-patches-warning
-
Lion Safe-Zone
Hat Tip to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending this highly entertaining security comic! Original H/T to the original post Nick VanGlider @nickvangilder First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/lion-safe-zone/
-
US cyber intel sharing law set for temporary extension
The US’ CISA 2015 cyber intelligence sharing law, which lapsed just over a month ago amid a wider shutdown, will receive a temporary lease of life should attempts to reopen the federal government succeed. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634452/US-cyber-intel-sharing-law-set-for-temporary-extension
-
US Congress Moves to Revive CISA 2015 After Shutdown
Lawmakers Include Extension of Cyberthreat Sharing Law in Shutdown Resolution. A statute underpinning corporate cybersecurity information sharing may come back into effect along with funding to reopen the U.S. federal government after six weeks of being shut down. The Cybersecurity Information Sharing Act of 2015 expired the same day Washington shut down on Oct. 1. First…
-
Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)
CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/samsung-spyware-cve-2025-21042/
-
Senate moves to restore lapsed cybersecurity laws after shutdown
Tags: cisa, cyber, cyberattack, cybersecurity, data, defense, detection, government, infrastructure, intelligence, jobs, law, monitoring, network, service, threat
What the lapse meant for enterprises: The expiration of CISA 2015 eliminated legal protections for sharing threat information, disrupting the real-time intelligence exchanges that had become routine over the past decade. Without its statutory shields, organizations faced potential liability for monitoring networks, sharing defensive measures, and coordinating responses with peers and federal agencies. The law had…
-
CISA Adds Zero-Day Bug Used in Spyware Attacks to KEV
CISA has demanded federal agencies patch a zero-day vulnerability affecting Samsung devices used in LandFall spyware attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-zeroday-bugspyware-attacks-kev/
-
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day…
-
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
-
CISA orders feds to patch Samsung zero-day used in spyware attacks
CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/
-
Critical federal cybersecurity funding set to resume as government shutdown draws to a close – for now
Resolution acquiesced to by 8 Dems includes CISA Act funding, layoff reversals, and could be easily undone First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/federal_cybersecurity_funding_set_to_resume/
-
CISA’s expiration leaves a dangerous void in US cyber collaboration
Each day without reauthorization erodes the trust, coordination, and shared visibility that have underpinned the resilience of America’s most critical systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-information-sharing-lack-of-info-dangerous-op-ed/
-
Check Point achieves the highest security effectiveness, at 99.59 percent, in the NSS Labs firewall test
In addition, NSS Labs compared the security posture using CISA Known Exploited Vulnerability (KEV) tracking. During the test period, Check Point had only one vulnerability, while other leading vendors recorded 10 to 23 times more. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-erzielt-mit-9959-prozent-die-hoechste-sicherheitseffektivitaet-im-nss-labs-firewall-test/a42645/
-
CISA Defends Layoffs Amid Union Injunction
CISA Argues None of 54 Fired Workers Fall Under Union Protections. The Cybersecurity and Infrastructure Security Agency told a federal court it complied with an injunction blocking shutdown-related layoffs by sending reduction-in-force notices only to non-union staff within a unit vital to coordination with state, local and private-sector defenders. First seen on govinfosecurity.com Jump to…

