CISA

A new joint venture has been established to protect U.S. TikTok user data and the platform's core algorithm, housing them…

A new international framework led by US, UK, and global agencies establishes security principles to protect operational technology (OT) environments,…

Jen Easterly, former head of CISA, is appointed CEO of RSA Conference, signaling a major leadership shift for the global…

A critical vulnerability (CVE-2025-8110) in the Gogs platform is being actively exploited, allowing authenticated users to achieve remote code execution…

A critical remote code execution flaw (CVE-2025-8110) in Gogs is being actively exploited, allowing attackers to run arbitrary commands by…

CISA has closed ten Emergency Directives from 2019-2024 after confirming their security goals were met, signaling a strategic shift from…

A critical unauthenticated remote code execution flaw (CVE-2025-69258) in Trend Micro Apex Central requires immediate patching, and CISA warns of…

CISA has retired ten Emergency Directives, as their required security measures are now fully implemented or superseded by the broader…

A critical, actively exploited vulnerability (CVE-2025-37164) in HPE OneView allows unauthenticated remote code execution, prompting urgent patching. The flaw is…

A data breach at Sedgwick Government Solutions exposed sensitive information from over twenty federal agency clients, including CISA, DHS, and…

A critical five-year-old Fortinet firewall flaw (CVE-2020-12812) allows attackers to bypass two-factor authentication by altering a username's case, and over…

A critical vulnerability (CVE-2025-13915) in IBM API Connect allows attackers to bypass authentication and gain unauthorized remote access, posing a…

Significant staffing cuts at CISA, the national cybersecurity agency, have created a severe operational crisis with a 40% vacancy rate…

A critical vulnerability in MongoDB, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to remotely steal sensitive data…

A ransomware attack disrupted administrative systems at Romania's national water authority, but crucial operational technology controlling physical water infrastructure like…

Tens of thousands of internet-facing Fortinet devices remain vulnerable to critical authentication bypass flaws (CVE-2025-59718/9), creating a massive attack surface…

Apple has released urgent security patches for two actively exploited zero-day vulnerabilities (CVE-2025-14174 and CVE-2025-43529) in its WebKit browser engine,…

MITRE and CISA have released the 2025 CWE Top 25, a critical ranking of the most dangerous software weaknesses based…

CISA has mandated federal agencies to patch a critical, actively exploited vulnerability (CVE-2025-58360) in GeoServer that allows attackers to steal…

A critical path traversal vulnerability (CVE-2025-6218) in WinRAR for Windows is being actively exploited, allowing attackers to execute arbitrary code…