Security News

CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
2025-04-09 08:00

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog,...

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
2025-04-08 08:11

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV)...

As CISA braces for more cuts, threat intel sharing takes a hit
2025-04-08 01:24

Will 'gutting' the civilian defense agency make American cybersecurity great again? Analysis Slashing staff at the US govt's Cybersecurity and Infrastructure Security Agency, aka CISA, and...

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
2025-04-07 13:40

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted...

For flux sake: CISA, annexable allies warn of hot DNS threat
2025-04-03 22:54

Shape shifting technique described as menace to national security The US govt's Cybersecurity Infrastructure Agency, aka CISA, on Thursday urged organizations, internet service providers, and...

CISA warns of Fast Flux DNS evasion used by cybercrime gangs
2025-04-03 19:37

CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored...

CISA spots spawn of Spawn malware targeting Ivanti flaw
2025-04-01 01:09

Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of...

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
2025-03-31 13:02

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect...

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
2025-03-27 06:23

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited...

CISA tags NAKIVO backup flaw as actively exploited in attacks
2025-03-20 21:13

CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. [...]