CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-0257link is external Palo Alto Networks PAN-OS Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vectors for malicious cybe...

Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809)

Microsoft has released an advisory to address CVE-2022-26809, a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrator...

Google Releases Security Updates for Chrome

Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild. CISA encourages users and administrators t...

Oracle Patches Apache Vulnerabilities

Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Security Alert and...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2013-3893link is external Microsoft Internet Explorer Resource Management Errors Vulnerability CVE-2007-0671link is external Microsoft Office Excel Remote Cod...

Unpatched VMware vCenter Software

CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and...

Samba Releases Security Update for CVE-2020-1472

The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...

CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

The Cybersecurity and Infrastructure Security Agency CISA has released Emergency Directive ED 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this...

CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog  

CISA has added one new vulnerability—CVE-2022-26134—to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view t...

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

CISA has issued Emergency Directive ED 22-03 and released a Cybersecurity Advisory CSA in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access Access, VMware Identity Manager vIDM, VMware vRealize Automation vRA,...

Apache Releases Security Update for Apache HTTP Server

Updated October 7, 2021 Apache has released additional fixes for CVE-2021-41773, which is tracked as CVE-2021-42013. For more information see the Apache vulnerabilities page. Originally published October 6, 2021 The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...

Drupal Releases Security Advisory

Drupal has released a security advisory to address an application program interface API vulnerability CVE-2014-3704 that could allow an attacker to execute arbitrary SQL commands on an affected system. This vulnerability affects all Drupal core 7.x versions prior to 7.32. US-CERT advises users an...

NETGEAR Releases Security Updates for RCE Vulnerability

NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review NETGEAR’s Security Adviso...

Critical ForgeRock Access Management Vulnerability

Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability CVE-2021-35464 in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this...

Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472

The Cybersecurity and Infrastructure Security Agency CISA is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain...

FREAK

FREAK Factoring Attack on RSA-EXPORT Keys CVE-2015-0204 is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to...

Mozilla Network Security Services (NSS) Library Vulnerability

A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similar...

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in...

CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol

The CERT Coordination Center CERT/CC has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided...

CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in...

Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus

On September 16, CISA released a joint alert on exploitation of a vulnerability CVE-2021-40539 in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center MSTIC released separate reports on targeted attacks against...

NCSC Releases Alert on Microsoft SharePoint Vulnerability

The United Kingdom UK National Cyber Security Centre NCSC has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020...

SonicWall Releases Patches for Email Security Products

CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, "In at least one known case, these...

Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances ASA devices and Cisco Firepower Threat Defense FTD software. A cyber threat actor could exploit vulnerabilities CVE-2024-20353link is external, CVE-2024-20359link is external,...

CISA Updates Best Practices for Mapping to MITRE ATT&CK®

Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports...

Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

The Federal Bureau of Investigation FBI, CISA, and Coast Guard Cyber Command CGCYBER have updated the Joint Cybersecurity Advisory CSA published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability CVE-2021-40539 in Zoho ManageEngine ADSelfService...

Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks

On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services AD CS to address a NTLM Relay Attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations. This product is provided subjec...

FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities

The Federal Bureau of Investigation FBI has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat APT actors exploiting known Fortinet FortiOS vulnerabilities. APT actors may exploit these...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-005 and...

Oracle Releases Security Alert

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Oracle Security Alert...

CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

CISA and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all...

Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

Update 08/12/2025: CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker. Update 08/07/2025: CISA issued Emergency Directive ED 25-02: Mitigate Microsoft...

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway

Citrix has released security updates to address a critical vulnerability CVE-2022-27518 in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators...

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international...

Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products

CISA is aware of a vulnerability in SonicWall Secure Mobile Access SMA 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a...

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9-version 9.9.7-P1 BIND 9-version 9.10.2-P2 Users and...

Google Releases Security Updates for Chrome

Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild. CISA encourages users a...

Microsoft Releases Advisory for Unpatched Windows Vulnerability

Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, CVE-2014-6352 which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a...

Oracle Patches Bash Vulnerabilities

Oracle has released security updates to address bash vulnerabilities found across multiple products. US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary. This product is provided subject to this Notification and thi...

SWAPGS Spectre Side-Channel Vulnerability

The Cybersecurity and Infrastructure Security Agency CISA is aware of a vulnerability CVE-2019-1125 known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Juniper Security Advisories...

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication 

CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication MFA. CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using...

CISA Releases Cloud Security Technical Reference Architecture

CISA has released its Cloud Security CS Technical Reference Architecture TRA to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal Risk and Authorization Management Program, the CS TRA defines...

Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134

Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known...

Apache Releases Security Advisory for Struts 2

The Apache Software Foundation has released a security advisory to address vulnerabilities in Struts in the version range 2.0.0—2.5.20. An attacker could exploit one of these vulnerabilities to take control of an affected system. The current version, Struts 2.5.22, is not affected. The...

Cisco Semiannual Security Advisory Bundle

Cisco has released its semiannual IOS and IOS XE Software Security Advisory bundle to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to bypass user authentication or cause a denial-of-service condition. US-CERT encourages users and...