Topic: CISA catalog
-
Urgent: Patch Windows SMB Flaw Being Actively Exploited
A critical Windows SMB Client vulnerability (CVE-2025-33073) is being actively exploited, allowing attackers to gain SYSTEM-level privileges through a malicious script that compromises SMB connections. Microsoft patched the flaw in June 2025, and CISA has added it to its Known Exploited Vulnerabi...
-
Zero-Day Attack Exploits Lanscope Endpoint Manager Flaw
A critical zero-day vulnerability (CVE-2025-61932) in Lanscope Endpoint Manager is being actively exploited, primarily targeting Japanese customers since April 2025. The flaw affects on-premises versions up to 9.4.7.1, allowing attackers to execute arbitrary code via TCP port 443, while the cloud...
-
Hackers Exploit Critical Oracle Flaw, CISA Confirms
CISA has added the critical Oracle E-Business Suite vulnerability CVE-2025-61884 to its Known Exploited Vulnerabilities catalog, confirming active exploitation and requiring federal agencies to patch by November 10, 2025. The vulnerability is an unauthenticated server-side request forgery (SSRF) ...
-
Microsoft Fixes Critical WSUS Flaw Under Active Attack
Microsoft has released an emergency patch for a critical, actively exploited vulnerability (CVE-2025-59287) in Windows Server Update Services, allowing unauthorized remote code execution without user interaction. The flaw is wormable and could enable attackers to take control of WSUS servers, pot...
-
Leaked Oracle EBS Exploit Fuels New Attack Wave (CVE-2025-61882)
A critical vulnerability chain in Oracle's E-Business Suite (CVE-2025-61882) is being actively exploited following the public leak of functional exploit scripts, enabling complete system compromise. The attack uses obfuscated HTTP requests to perform server-side request forgery, tricking the serv...