Topic: cisa kev
-
Urgent CISA Alert: Active Oracle Identity Manager RCE Exploits
A critical security vulnerability (CVE-2025-61757) in Oracle Identity Manager allows attackers to execute remote code without authentication by exploiting weaknesses in REST API security filters. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to pat...
Read More » -
CISA Flags Spyware Zero-Day in Urgent Security Alert
US authorities issued a critical security alert for a high-risk vulnerability in Samsung mobile devices, exploited since mid-2024 to install spyware via malicious files on WhatsApp. The vulnerability, CVE-2025-21042 with a CVSS score of 9.8, enables attackers to use LandFall spyware for surveilla...
Read More » -
Exploit Alert: Critical Adobe Experience Manager Flaw (CVE-2025-54253)
A critical security flaw (CVE-2025-54253) in Adobe Experience Manager Forms allows unauthenticated attackers to execute remote code, prompting CISA to flag it due to active exploitation. The vulnerability arises from Apache Struts "devMode" being enabled in the administrative interface combined w...
Read More » -
Critical Git RCE Flaw (CVE-2025-48384) Actively Exploited by Attackers
A critical Git vulnerability (CVE-2025-48384) allows arbitrary code execution via maliciously crafted submodules, affecting macOS and Linux systems. CISA has confirmed active exploitation and mandated federal agencies to patch by September 15, 2025, with fixed Git versions released on July 8, 202...
Read More » -
Urgent Apple Update Fixes Critical Security Exploits
Apple has released urgent security patches for two actively exploited zero-day vulnerabilities (CVE-2025-14174 and CVE-2025-43529) in its WebKit browser engine, which is used across iPhones, iPads, and Macs. The flaws, discovered through a collaboration between Apple and Google, could allow memor...
Read More » -
Google Patches Actively Exploited Zero-Day Vulnerabilities
Google has released a critical Android security update patching over 100 vulnerabilities, including three severe flaws that are under active, targeted exploitation. Two high-severity information disclosure vulnerabilities (CVE-2025-48633 & CVE-2025-48572) can expose sensitive data or grant elevat...
Read More » -
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
Read More »