CISA Archives • Page 3 of 7 • Daily CyberSecurity

CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

Ddos September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in...

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited Known Exploited Vulnerabilities CISA KEV

CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited

Ddos September 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA Apriso...

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching CISA KEV Catalog SharePoint RCE CISA, Known Exploited Vulnerabilities CVE-2023-33010

CISA KEV Catalog SharePoint RCE CISA, Known Exploited Vulnerabilities CVE-2023-33010

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

Ddos September 5, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

CISA Warns: Actively Exploited TP-Link Router Flaws Added to KEV Catalog TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

CISA Warns: Actively Exploited TP-Link Router Flaws Added to KEV Catalog

Ddos September 4, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added two TP-Link router vulnerabilities to its Known Exploited...

CISA Warns of Critical Flaw in SunPower Solar Inverters (CVE-2025-9696, CVSS 9.6)

Ddos September 3, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory highlighting a critical vulnerability in...

CISA Flags Two Actively Exploited Vulnerabilities: TP-Link Router Reset Flaw and WhatsApp Zero-Day Chain Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

Ivanti EPMM Vulnerability CVE-2026-1340 CISA KEV Catalog CVE-2026-21385 CISA KEV Update CVE-2008-0015 CISA KEV, Array Networks Command Injection CVE-2025-0111 & CVE-2025-23209 CISA, Known Exploited Vulnerabilities

CISA Flags Two Actively Exploited Vulnerabilities: TP-Link Router Reset Flaw and WhatsApp Zero-Day Chain

Ddos September 3, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added two new security flaws to its Known Exploited...

An Espionage System: NSA, CISA, & Partners Expose Chinese APT Groups Chinese APT, cyber espionage

An Espionage System: NSA, CISA, & Partners Expose Chinese APT Groups

Ddos August 28, 2025

In a multinational alert, the U.S. National Security Agency (NSA), CISA, FBI, and partners from more than...

PoC Available: CrushFTP Zero-Day (CVE-2025-54309) Exploited in the Wild

Ddos August 28, 2025

watchTowr Labs has released a detailed analysis of CVE-2025-54309, a zero-day authentication bypass vulnerability in CrushFTP, the...

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

Ddos August 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948) n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Flags Actively Exploited Trend Micro Apex One Vulnerability (CVE-2025-54948)

Ddos August 19, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Trend Micro Apex One vulnerability—CVE-2025-54948—to...

CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover Packet Power, CISA Alert

CISA Alert: Critical Flaw (CVE-2025-8284) in Packet Power Devices Allows Unauthenticated Remote Takeover

Ddos August 11, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-severity alert for a missing authentication...

CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover

Ddos August 11, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about a critical authentication...

CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover EG4 Electronics, CISA Alert

CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover

Ddos August 9, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk evaluation warning about multiple high-severity...

Everon OCPP Vulnerability CVE-2026-26288 ASUSTOR ADM Vulnerability CVE-2026-24936 PrismX MX100 Vulnerability Hard-Coded Credentials Advantech Vulnerability CVE-2025-52694 Eaton UPS Companion, CVE-2025-59887 ASUS Router, Authentication Bypass ASUSTOR DLL Hijacking, Privilege Escalation OpenShift AI, Privilege Escalation GoAnywhere vulnerability CVE-2025-10035 LangChainGo, template injection DeepDiff, class pollution ToolShell Sunshine, CSRF Vulnerability KACE SMA, Critical Vulnerabilities Oracle Zero-Days - PDQ Deploy vulnerability

CISA Warns of “ToolShell”: Critical Exploit Chain Hits SharePoint Servers, Bypasses Authentication

Ddos August 7, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released an in-depth Malware Analysis Report warning of a...

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems Tigo Energy, CISA Alert

CISA Alert: Critical Flaws in Tigo Energy Solar Devices Allow Remote Takeover of Solar Systems

Ddos August 7, 2025

In a critical advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), newly discovered vulnerabilities in...

CISA Alert: Critical Flaw (CVE-2025-8286) in Güralp FMUS Seismic Devices Allows Unauthenticated Takeover, No Patch!

Ddos August 1, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory about a critical vulnerability—CVE-2025-8286—impacting...

Global Cyber Authorities Warn of Escalating Threat from Scattered Spider Group Scattered Spider, Cybercrime Advisory

Global Cyber Authorities Warn of Escalating Threat from Scattered Spider Group

Ddos July 30, 2025

In a joint cybersecurity advisory, authorities from the United States, Canada, the United Kingdom, and Australia have...

CISA, FBI Warn of Interlock Ransomware, Actively Targeting Businesses & Critical Infrastructure Interlock Ransomware, CISA Advisory

CISA, FBI Warn of Interlock Ransomware, Actively Targeting Businesses & Critical Infrastructure

Ddos July 23, 2025

In a new joint cybersecurity advisory issued on July 22, 2025, the Cybersecurity and Infrastructure Security Agency...

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure Emerson ValveLink, Critical Vulnerabilities

Emerson ValveLink, Critical Vulnerabilities

CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure

Ddos July 10, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory highlighting multiple critical vulnerabilities...

Iranian Cyber Actors May Target U.S. Networks and Critical Infrastructure, Warn U.S. Agencies Iran Cyber Threat, US Critical Infrastructure

Iranian Cyber Actors May Target U.S. Networks and Critical Infrastructure, Warn U.S. Agencies

Ddos July 1, 2025

A joint alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),...