4188 matches found
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch FCEB agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below...
Internet Information Services (IIS) 6.0 Vulnerability
US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services IIS 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. On June 15, 2015, Microsoft ended support for Windows...
Updates on Microsoft Exchange Server Vulnerabilities
CISA has added seven Malware Analysis Reports MARs to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successful exploiting a Microsoft Exchange...
Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156
Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-10520link is external Ivanti Sentry OS Command Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and...
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
The National Security Agency NSA has released a cybersecurity advisory on Russian advanced persistent threat APT group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent MTA software. An unauthenticated remote attacker can use this vulnerability to send a specially...
Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities
Spring by VMWare has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution RCE vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could explo...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types an...
Google Releases Security Updates for Chrome
Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild. CISA encourages users and administrators t...
CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities
CISA has issued Emergency Directive ED 22-03 and released a Cybersecurity Advisory CSA in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access Access, VMware Identity Manager vIDM, VMware vRealize Automation vRA,...
CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
CISA and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all...
VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server. On September 24,...
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability
Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems: In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008 Out-of-support systems: Windows 2003 and Windows XP A remote...
Microsoft Releases Security Updates for Windows 10, Windows Server
Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These vulnerabilities could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly add...
Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809)
Microsoft has released an advisory to address CVE-2022-26809, a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrator...
CISA Adds 11 Known Exploited Vulnerabilities to Catalog
CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...
Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services AD CS to address a NTLM Relay Attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations. This product is provided subjec...
Oracle Patches Apache Vulnerabilities
Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Security Alert and...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol
The Cybersecurity and Infrastructure Security Agency CISA has released Emergency Directive ED 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server. US-CERT encourages users and administrators to review the Apache...
CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog
CISA has added one new vulnerability—CVE-2022-26134—to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view t...
Unpatched VMware vCenter Software
CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-21237 Android Pixel Information Disclosure Vulnerability CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerablity These types of vulnerabilities are...
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Citrix has released security updates to address a critical vulnerability CVE-2022-27518 in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators...
Samba Releases Security Update for CVE-2020-1472
The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Apache Releases Security Update for Apache HTTP Server
Updated October 7, 2021 Apache has released additional fixes for CVE-2021-41773, which is tracked as CVE-2021-42013. For more information see the Apache vulnerabilities page. Originally published October 6, 2021 The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to...
NETGEAR Releases Security Updates for RCE Vulnerability
NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review NETGEAR’s Security Adviso...
CISA Updates Best Practices for Mapping to MITRE ATT&CK®
Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...
Critical ForgeRock Access Management Vulnerability
Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability CVE-2021-35464 in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this...
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in...
Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472
The Cybersecurity and Infrastructure Security Agency CISA is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain...
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain BIND 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-10858,...
CRI-O Security Update for Kubernetes
CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers. CISA encourages...
Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus
On September 16, CISA released a joint alert on exploitation of a vulnerability CVE-2021-40539 in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center MSTIC released separate reports on targeted attacks against...
SonicWall Releases Patches for Email Security Products
CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, "In at least one known case, these...
FREAK
FREAK Factoring Attack on RSA-EXPORT Keys CVE-2015-0204 is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to...
Mozilla Network Security Services (NSS) Library Vulnerability
A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similar...
FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities
The Federal Bureau of Investigation FBI has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat APT actors exploiting known Fortinet FortiOS vulnerabilities. APT actors may exploit these...
CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol
The CERT Coordination Center CERT/CC has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided...
Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms
Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances ASA devices and Cisco Firepower Threat Defense FTD software. A cyber threat actor could exploit vulnerabilities CVE-2024-20353link is external, CVE-2024-20359link is external,...
CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in...
NCSC Releases Alert on Microsoft SharePoint Vulnerability
The United Kingdom UK National Cyber Security Centre NCSC has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713link is external Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550link is external Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883lin...
Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability
The Federal Bureau of Investigation FBI, CISA, and Coast Guard Cyber Command CGCYBER have updated the Joint Cybersecurity Advisory CSA published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability CVE-2021-40539 in Zoho ManageEngine ADSelfService...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14611link is external Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability CVE-2025-43529link is external Apple Multiple Products...
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
Update 08/12/2025: CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker. Update 08/07/2025: CISA issued Emergency Directive ED 25-02: Mitigate Microsoft...