CISA Archives • Page 2 of 7 • Daily CyberSecurity

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage BRICKSTORM Backdoor, VMware Espionage

CISA/NSA Warn of BRICKSTORM Backdoor: China APT Targets VMware and ADFS for Long-Term Espionage

Ddos December 8, 2025

A new and sophisticated malware threat has emerged from the shadows of state-sponsored cyber espionage. The Cybersecurity...

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance Longwatch Unauthenticated RCE, Industrial Video & Control

Longwatch Unauthenticated RCE, Industrial Video & Control

CISA Warns: Critical Longwatch RCE Flaw (CVE-2025-13658, CVSS 9.8) Allows Unauthenticated SYSTEM Takeover of OT Surveillance

Ddos December 3, 2025

A critical security vulnerability has been identified in the Longwatch video surveillance and monitoring system developed by...

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

Iskra iHUB Auth Bypass, Critical Smart Metering Flaw

CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover

Ddos December 3, 2025

A critical security vacuum has been discovered in smart metering infrastructure, potentially leaving utility networks exposed to...

CISA Flags Actively Exploited OpenPLC Flaw (CVE-2021-26829) n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Flags Actively Exploited OpenPLC Flaw (CVE-2021-26829)

Ddos November 29, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new mandate for federal agencies to secure...

CISA Emergency Alert: Commercial Spyware Exploiting Zero-Click and Malicious QR Codes to Hijack Messaging Apps Commercial Spyware, Messaging App Compromise

Commercial Spyware, Messaging App Compromise

CISA Emergency Alert: Commercial Spyware Exploiting Zero-Click and Malicious QR Codes to Hijack Messaging Apps

Ddos November 25, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent nationwide alert warning that multiple cyber...

CISA/FBI/NSA Unite to Dismantle Bulletproof Hosting Ecosystem with New Global Defense Guide CISA Bulletproof Hosting, BPH Dismantling Guide

CISA/FBI/NSA Unite to Dismantle Bulletproof Hosting Ecosystem with New Global Defense Guide

Ddos November 20, 2025

In a joint announcement, the Cybersecurity and Infrastructure Security Agency (CISA)—alongside the NSA, FBI, DoD Cyber Crime...

CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs Akira Ransomware, Nutanix AHV Exploit

CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs

Ddos November 18, 2025

The United States Cybersecurity and Infrastructure Security Agency (CISA), alongside a coalition of global law-enforcement and cybersecurity...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive

Ddos November 17, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory detailing multiple high-severity vulnerabilities...

CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation VizAir RCE, Airport Weather Manipulation

VizAir RCE, Airport Weather Manipulation

CISA Warns: Critical VizAir Flaws (CVSS 10.0) Expose Airport Weather Systems to Unauthenticated Manipulation

Ddos November 6, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory detailing three vulnerabilities in the...

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover Survision LPR Auth Bypass, CVE-2025-12108

CISA Warns: Critical Survision LPR Camera Flaw (CVE-2025-12108, CVSS 9.8) Allows Unauthenticated Takeover

Ddos November 6, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting...

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities

Ddos October 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new flaws—CVE-2025-24893 in XWiki Platform and...

CISA Warns: Critical Veeder-Root TLS4B RCE (CVE-2025-58428) Exposes Tank Gauge Systems to Command Injection

Ddos October 27, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert for two high-severity vulnerabilities affecting the...

CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover AutomationDirect Critical RCE, PLC Vulnerabilities

AutomationDirect Critical RCE, PLC Vulnerabilities

CISA Emergency Alert: Critical RCE Flaw (CVSS 10.0) Exposes AutomationDirect PLCs to Unauthenticated Takeover

Ddos October 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of multiple high-severity vulnerabilities affecting...

CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access Raisecom Critical Auth Bypass, EoL Router

Raisecom Critical Auth Bypass, EoL Router

CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access

Ddos October 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability...

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation CVE-2021-1435 Adobe AEM RCE, CVE-2025-54253

CISA Emergency Alert: Critical Adobe AEM Flaw (CVE-2025-54253, CVSS 10.0) Under Active Exploitation

Ddos October 16, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager (AEM) vulnerability to...

CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application

Ddos October 2, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning of a critical...

Chrome Security Update Use After Free Chrome Security Update Critical Vulnerabilities Chrome Security Update CVE-2026-3062 Chrome Security Update V8 Engine Vulnerability Chrome Security Update CVE-2026-1862 CVE-2026-0628 Chrome 143 Update Chrome Safe Browsing UAF, CVE-2025-11756 Chrome Memory Flaws, CVE-2025-11460 Google Chrome, vulnerability CVE-2025-10200, CVE-2025-10201 Big Sleep CVE-2025-9478 Chrome Update, Security Vulnerabilities

CISA adds Chrome zero-day CVE-2025-10585 to KEV after public exploit appears

Ddos September 24, 2025

CISA this week added CVE-2025-10585, a high-severity type-confusion flaw in Google’s V8 JavaScript engine, to its Known...

CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX

Ddos September 20, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple critical vulnerabilities in ProGauge...

CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

CISA Warns of Malicious Listener Malware Exploiting Ivanti Endpoint Manager Mobile

Ddos September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new Malware Analysis Report (MAR) detailing how...

CISA Warns of Critical Flaw in Delta DIALink: CVE-2025-58321 (CVSS 10.0)

Ddos September 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning about two serious...