Topic: cisa directives
- US Agencies Still Vulnerable to Critical Cisco Flaws
CISA issued an emergency directive for U.S. federal agencies to patch two actively exploited Cisco vulnerabilities (CVE-2025-20333 and CVE-2025-20362), as many devices were incorrectly reported as secure. These vulnerabilities enable remote code execution and privilege escalation, and are linked ...
- CISA Orders Agencies to Patch Critical Fortinet Flaw in 7 Days
CISA has mandated a 7-day deadline for U.S. government agencies to patch CVE-2025-58034, a critical Fortinet FortiWeb vulnerability being actively exploited in zero-day attacks. The vulnerability is an OS command injection flaw that allows authenticated attackers to execute arbitrary code with ro...
- China-Linked Hackers Exploit Cisco Firewall Zero-Days
Cisco has released emergency patches for two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in its ASA and FTD firewall software, linked to the ArcaneDoor espionage campaign. The vulnerabilities allowed attackers, suspected to be a China-based group, to execute co...
- Critical SmarterMail Flaw Actively Exploited by Ransomware Gangs
A critical SmarterMail vulnerability (CVE-2026-24423) is being actively exploited, allowing unauthenticated attackers to execute remote code via a flawed API endpoint. The flaw affects all SmarterMail versions before build 100.0.9511, prompting urgent federal patching mandates and warnings for al...
- Critical RCE Flaw Found in BeyondTrust Remote Support Software
A critical pre-authentication command injection flaw (CVE-2026-1731) in BeyondTrust's Remote Support and Privileged Remote Access software allows unauthenticated attackers to remotely execute arbitrary commands. The vulnerability, impacting thousands of on-premises instances, requires immediate m...