Tag: kev
-
CISA Warns of Ivanti EPM Vulnerability Exploitation
CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-ivanti-epm-vulnerability-exploitation/
-
CISA Added 3 Ivanti Endpoint Manager Bugs to Wildly Exploited Vulnerabilities Catalog
Tags: cisa, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM). These vulnerabilities, which involve absolute path traversal issues, have been observed being actively exploited in the wild, prompting federal agencies and organizations to implement remediation measures before…
-
U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: A Vietnamese cybercrime group, tracked as XE Group, is exploiting the above VeraCore vulnerabilities, deploying reverse shells and web shells…
-
CISOs müssen OT-Risiken stärker adressieren
Tags: china, ciso, cyber, cyberattack, exploit, firewall, hacker, infrastructure, Internet, iran, kev, kritis, military, ransomware, risk, technology, update, vulnerabilityDa Angriffe auf OT-Bereiche zunehmen, sollten CISOs einen Exposure-Management-Ansatz verfolgen.Die Bedrohungen gegen die Betriebstechnik (Operational Technology, OT) der kritischen Infrastruktur (KRITIS) verschärfen sich kontinuierlich. China baut offensive Komponenten in amerikanische Militär- und Unternehmensnetzwerke ein. Zudem haben chinesische Hacker Telekommunikationsunternehmen und Internetdienstleister infiltriert, um Zivilisten auszuspionieren. Seit etlichen Jahren, also bereits deutlich vor dem Angriffskrieg, greift…
-
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore First…
-
CISA Issues Alert on Actively Exploited VMware Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, mitigation, threat, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated warnings on March 4, 2025, by adding four severe vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Federal agencies and private organizations are urged to prioritize mitigation efforts, as threat actors are actively weaponizing these flaws in VMware ESXi, Workstation, Fusion, and the Linux kernel. CVE-2025-22225:…
-
CISA Expands Known Exploited Vulnerabilities Catalog with Four Critical Issues
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog with four new vulnerabilities, adding to the growing list of cyber risks that have been actively exploited. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-3/
-
U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
Tags: android, cisa, cve, cybersecurity, exploit, google, infrastructure, kev, linux, vmware, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The first issue, tracked as CVE-2024-50302, was addressed by Google with the release of the Android…
-
Several Flaws Added To CISA’s KEV List
First seen on scworld.com Jump to article: www.scworld.com/brief/several-flaws-added-to-cisas-kev-list
-
Several flaws added to CISA known exploited vulnerabilities catalog
First seen on scworld.com Jump to article: www.scworld.com/brief/several-flaws-added-to-cisa-known-exploited-vulnerabilities-catalog
-
Exploitation Long Known for Most of CISA’s Latest KEV Additions
Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog. The post Exploitation Long Known for Most of CISA’s Latest KEV Additions appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-long-known-for-most-of-cisas-latest-kev-additions/
-
CISA Warns of Active Exploitation of Microsoft Windows Win32k Vulnerability
Tags: cisa, control, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows privilege escalation flaw, to its Known Exploited Vulnerabilities (KEV) catalog amid confirmed active attacks. First patched by Microsoft in December 2018, this Win32k kernel-mode driver vulnerability enables authenticated local attackers to execute arbitrary code with SYSTEM privileges, granting unfettered control over…
-
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/
-
Newly Exploited Vulnerabilities Target Cisco, Microsoft, and More CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in the wild. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-known-exploited-vulnerabilities-to-catalog/
-
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited”, CISA Sounds Alarm
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, software, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2023-20118 (CVSS score: 6.5) – A command injection First seen…
-
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
Tags: business, cisa, cisco, cybersecurity, exploit, infrastructure, kev, microsoft, router, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Goldflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for…
-
Ransomware criminals love CISA’s KEV list and that’s a bug, not a feature
1 in 3 entries are used to extort civilians, says new paper First seen on theregister.com Jump to article: www.theregister.com/2025/02/28/cisa_kev_list_ransomware/
-
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Tags: access, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are as follows -CVE-2024-49035 (CVSS score: 8.7) – An improper access control First seen on…
-
CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability
CISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog. The post CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-attacks-exploiting-oracle-agile-plm-vulnerability/
-
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM)vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: CVE-2017-3066(CVSS score of 9.8) is a…
-
CISA KEV Catalog Updated with Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws one affecting Adobe ColdFusion and the other impacting Oracle Agile Product Lifecycle Management (PLM). CVE-2017-3066 in… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cisa-kev-catalog-adobe-coldfusion-oracle-vulnerabilities/
-
CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical vulnerabilities, both actively being exploited in the wild. These vulnerabilities, related to Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), have been identified as security risks to federal agencies and organizations worldwide. First seen…
-
CISA Alerts: Oracle Agile Vulnerability Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a severe deserialization vulnerability (CVE-2024-20953) in Oracle Agile Product Lifecycle Management (PLM) software. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 24, 2025, the flaw allows attackers with low-privileged access to execute arbitrary code on unpatched…
-
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting First seen on thehackernews.com…
-
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-attacks-exploiting-craft-cms-vulnerability/
-
U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: Craft is a flexible, user-friendly CMS, affected…
-
CISA Warns of Active Exploitation of SonicWall SonicOS RCE Vulnerability
Tags: authentication, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vpn, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of critical remote code execution (RCE) vulnerability in SonicWall’s SonicOS, tracked as CVE-2024-53704. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 19, 2025, the flaw enables unauthenticated attackers to hijack SSL VPN sessions and bypass authentication mechanisms…
-
CISA Issues Warning on Palo Alto PAN-OS Security Flaw Under Attack
Tags: attack, authentication, cisa, cyber, cybersecurity, exploit, firewall, flaw, infrastructure, kev, network, vulnerabilityCISA and Palo Alto Networks are scrambling to contain widespread exploitation of a critical authentication bypass vulnerability (CVE-2025-0108) affecting firewall devices running unpatched PAN-OS software. The Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities Catalog on February 19, 2025, following a 900% surge in attack attempts over five days.…
-
U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: Researchers recently warned that threat actors…