Security News

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting...

CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. [...]

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. [...]

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its...

​CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."