Security News

CISA warns of actively exploited Apache HugeGraph-Server bug
2024-09-19 22:53

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting...

CISA urges software devs to weed out XSS vulnerabilities
2024-09-17 16:39

CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. [...]

CISA warns of Windows flaw used in infostealer malware attacks
2024-09-16 19:53

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. [...]

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
2024-09-10 12:26

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known...

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
2024-08-28 06:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its...

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
2024-08-24 07:03

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of...

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
2024-08-20 04:53

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its...

CISA warns of Jenkins RCE bug exploited in ransomware attacks
2024-08-19 19:16

​CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]

CISA warns critical SolarWinds RCE bug is exploited in attacks
2024-08-16 16:33

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
2024-08-09 05:41

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."