CISA Archives • Daily CyberSecurity

CISA Warns of Unpatched Avation & RISS Critical Flaws

WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns of Unpatched Avation & RISS Critical Flaws

Ddos February 5, 2026

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

PoC Public & Exploited: Critical SolarWinds Help Desk Flaw Exploited in the Wild

Ddos February 4, 2026

Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters CVE-2022-35914 Synectix LAN 232 TRIO CVE-2026-1633

Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters

Ddos February 4, 2026

Smart Buildings at Risk: Critical Johnson Controls Flaw (CVSS 10) Allows Remote SQL Injection

Ddos January 30, 2026

CISA Adds 4 Critical Flaws to “Must-Patch” List as Exploits Surge CISA KEV Update Versa Concerto Vulnerability KEV Catalog Vulnerability Patch CVE-2025-30406

CISA KEV Update Versa Concerto Vulnerability KEV Catalog Vulnerability Patch CVE-2025-30406

CISA Adds 4 Critical Flaws to “Must-Patch” List as Exploits Surge

Ddos January 23, 2026

40,000 Hits in 4 Hours: RondoDox Botnet Storms HPE OneView Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

40,000 Hits in 4 Hours: RondoDox Botnet Storms HPE OneView

Ddos January 16, 2026

Patch Tuesday Jan 2026: Microsoft Fixes 114 Flaws & 3 Zero-Days Microsoft Patch Tuesday CVE-2026-20805 RasMan Crash Flaw, 0patch Micropatch ASP.NET Core, HTTP smuggling Windows kernel Rust ActiveX, Microsoft 365

Microsoft Patch Tuesday CVE-2026-20805 RasMan Crash Flaw, 0patch Micropatch ASP.NET Core, HTTP smuggling Windows kernel Rust ActiveX, Microsoft 365

Patch Tuesday Jan 2026: Microsoft Fixes 114 Flaws & 3 Zero-Days

Ddos January 14, 2026

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild Gogs Vulnerability CVE-2025-8110 CVE-2025-64111

CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild

Ddos January 13, 2026

CISA KEV Alert: HPE’s Maximum CVSS Score Flaw and a Zombie PowerPoint Bug CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: HPE’s Maximum CVSS Score Flaw and a Zombie PowerPoint Bug

Ddos January 8, 2026

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs

Ddos January 1, 2026

FBI/CISA Warn: Pro-Russia Hacktivists Target Critical Infrastructure Via Unsecured VNC HMIs Pro-Russia Hacktivist OT Attack, Unsecured VNC HMI

FBI/CISA Warn: Pro-Russia Hacktivists Target Critical Infrastructure Via Unsecured VNC HMIs

Ddos December 11, 2025

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Smart App Control blocking Armoury Crate, ROG Ally Defender false positive 2026 Microsoft Zero-Day, Cloud Files UAF Microsoft Access end of life CVE-2025-21298 Azure Vulnerabilities

Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE

Ddos December 10, 2025

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage BRICKSTORM Backdoor, VMware Espionage

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage

Ddos December 8, 2025

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance Longwatch Unauthenticated RCE, Industrial Video & Control

Longwatch Unauthenticated RCE, Industrial Video & Control

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance

Ddos December 3, 2025

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover

Ddos December 3, 2025

CISA Flags Actively Exploited OpenPLC Flaw (CVE-2021-26829) CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro