FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and...
Ivanti Releases Pulse Secure Security Update
Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation...
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on Russian Foreign Intelligence Service (SVR) actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security a...
RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review Hikvision’s...
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...
CISA Adds 15 Known Exploited Vulnerability to Catalog
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...
CISA Adds Nine Known Exploited Vulnerabilities to Catalog
CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types a...
Microsoft Releases Out-of-Band Security Updates for Exchange Server
Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected syst...
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...
Microsoft Releases Mitigations and Workarounds for CVE-2021-40444
Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the...
Linux "Ghost" Remote Code Execution Vulnerability
The Linux GNU C Library (glibc) versions 2.2 and other 2.x versions before 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users a...
Vulnerabilities in LZO and LZ4 compression libraries
Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation. US-CERT recommends that al...
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon®...
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...
CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
CISA and its partners, through the Joint Cyber Defense Collaborative, are tracking and responding to active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability; CVE-2026-45321 TanStack Unspecified Vulnerability...
Oracle Releases Security Alert for Java Runtime Environment
Oracle has released a security alert to address a vulnerability in the Java Runtime Environment component of the Oracle Java SE and Java for Business products. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and...
#StopRansomware - Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities
CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...
Dirty Pipe Privilege Escalation Vulnerability in Linux
CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review CVE-2022-0847 and update to...
Atlassian Releases Security Advisory for Confluence Server and Data Center, CVE-2022-26134
Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known...
Internet System Consortium releases BIND Patches
The Internet System Consortium has released updates for BIND to address multiple vulnerabilities. CVE-2011-2464 affects the following versions: 9.6.3; 9.6-ESV-R4 and later; 9.7.0 and later; 9.7.1 and later; 9.7.2 and later; 9.7.3 and later; 9.7.4b1; 9.8.0 and later; and 9.8.1b1. CVE-2011-2465...
Samba Releases Updates for 3.0.x - 3.6.3
Samba has released an update to address a vulnerability in Samba versions 3.6.3 and all previous versions. Exploitation of this vulnerability may allow a remote attacker to use anonymous connections to execute arbitrary code with root privileges. US-CERT encourages users and administrators to...
Unpatched Microsoft Exchange Servers Vulnerable to CVE-2020-0688
Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this vulnerability to take control of an affected system that is unpatched. Although Microsoft...
RCE Vulnerability Affecting Microsoft Defender
Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages users...
Ivanti Updates Log4j Advisory with Security Updates for Multiple Products
Ivanti has updated its Log4j Advisory with security updates for multiple products to address CVE-2021-44228. An unauthenticated attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Ivanti security advisories pages...
CISA Adds Thirteen Known Exploited Vulnerabilities to Catalog
CISA has added thirteen new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all typ...
F5 Security Advisory for RCE Vulnerabilities in BIG-IP, BIG-IQ
F5 has released a security advisory to address remote code execution (RCE) vulnerabilities—CVE-2021-22986, CVE-2021-22987—impacting BIG-IP and BIG-IQ devices. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators review the F...
OpenSSL Patches Multiple Vulnerabilities
OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to...
Apache Software Foundation Releases Security Updates
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may cause a remote attacker to obtain sensitive information. Users and administrators are encouraged to review Apache.org CVE-2017-5648, CVE-2017-5650, and...
Zoho Releases Security Update for ADSelfService Plus
Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine...
Microsoft Release Patch for Windows 7 and Windows Server 2008 R2 Systems
Microsoft has released security updates to address a vulnerability in Windows 7 x64 and Windows Server 2008 R2 x64 systems. Exploitation of this vulnerability may allow an attacker to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Vulnerability Not...
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-bas...
Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability
Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as "Follina"—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected...
Internet Systems Consortium BIND Vulnerabilities
The Internet Systems Consortium (ISC) has released three advisories to address multiple vulnerabilities affecting BIND. The first advisory, CVE-2010-3613, addresses a vulnerability in BIND versions 9.6.2 to 9.6.2-P2, 9.6-ESV to 9.6-ESV-R2, and 9.70 to 9.7.2-P2. This vulnerability exists when cache...
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability. This type of vulnerability is a frequent attack vector for malicio...
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are...
Citrix Releases Security Updates for SD-WAN WANOP
Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims to identify evidence of successful...
Apache Releases Security Updates for Apache Tomcat
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. US-CERT encourages users and administrators to review the Apache advisories for...
NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006
The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting...
SolarWinds Releases Advisory for Serv-U Vulnerability
SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other...
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict...
VMware Releases Multiple Security Updates
VMware has released security updates to address multiple vulnerabilities—CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on February 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server
Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and...
NSA Releases Advisory on BlueKeep Vulnerability
The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. The Cybersecurity and Infrastructure Security Agency (CISA)...
Zoho Releases Security Update on ManageEngine Desktop Central
Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine Desktop Central is a unified endpoint management solution...
F5 Releases Security Advisories Addressing Multiple Vulnerabilities
F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit...
CISA Issues Emergency Directive on Microsoft Windows Print Spooler
CISA has issued Emergency Directive (ED) 21-04: Mitigate Windows Print Spooler Service Vulnerability addressing CVE-2021-34527. Attackers can exploit this vulnerability to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity...