A critical SQL injection vulnerability (CVE-2024-43468) in Microsoft Configuration Manager is now being actively exploited, allowing unauthenticated attackers to execute…
CISA
Entity category: organization
Legacy industrial control protocols lack built-in security features like authentication and encryption, leaving critical infrastructure vulnerable to attacks that can…
A critical vulnerability (CVE-2026-1281) in Ivanti's EPMM platform is being actively exploited, with attackers implanting hidden, dormant backdoors that are…
Cybersecurity researchers have identified an active campaign exploiting critical vulnerabilities (CVE-2025-40551 and CVE-2025-26399) in SolarWinds Web Help Desk software to…
US federal agencies must remove all outdated public-facing network hardware within one year, as mandated by CISA's Binding Operational Directive…
A ransomware attack on SmarterTools began via an unpatched, employee-created virtual machine running outdated SmarterMail software, which allowed lateral movement…
A critical SmarterMail vulnerability (CVE-2026-24423) is being actively exploited, allowing unauthenticated attackers to execute remote code via a flawed API…
The U.S. CISA has issued a binding directive (BOD 26-02) requiring federal agencies to identify and replace outdated, unsupported networking…
A critical, unauthenticated remote code execution flaw (CVE-2026-24423) in SmarterMail is being actively exploited by ransomware groups, prompting urgent warnings…
CISA mandates federal agencies to urgently replace end-of-life network hardware like routers and firewalls, as these unsupported devices are a…
A critical VMware ESXi vulnerability (CVE-2025-22225) is now actively exploited by ransomware groups, prompting urgent patching calls from CISA. The…
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code…
CISA warns that a critical, patched VMware ESXi vulnerability (CVE-2025-22225) is now being actively exploited by ransomware groups to escape…
A critical, years-old GitLab vulnerability (CVE-2021-39935) is now being actively exploited, prompting urgent warnings from U.S. cybersecurity authorities. CISA has…
New guidance reframes insider risk as a core organizational challenge, requiring a proactive and collaborative approach that integrates security, HR,…
Druva's new Threat Watch solution provides continuous, automated threat monitoring for backup data, proactively scanning snapshots to uncover hidden threats…
The acting head of CISA inadvertently uploaded sensitive, unclassified government documents to the public ChatGPT, bypassing approved internal tools and…
A critical security flaw (CVE-2024-37079) in VMware vCenter Server is under active exploitation, allowing remote code execution via a low-complexity…
CISA has released its first official list of product categories supporting post-quantum cryptography (PQC), providing a roadmap for organizations to…
CISA has issued a critical alert, adding four actively exploited software vulnerabilities to its KEV catalog, impacting tools from Versa,…