Tag: kev
-
Cisco confirms cyberattacks on Smart Licensing Utility flaw
by
in SecurityNewsCISA earlier this week added CVE-2024-20439, a static credential vulnerability in the license management app, to its known exploited vulnerabilities catalog. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-confirms-attacks-smart-licensing-utility-vulnerability/744352/
-
Cisco confirms cyberattacks on Smart Licensing Utility flaw
by
in SecurityNewsCISA earlier this week added CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, to its known exploited vulnerabilities catalog. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-confirms-attacks-smart-licensing-utility-vulnerability/744352/
-
U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog. The Apache Tomcat vulnerability CVE-2025-24813 was recently disclosed and is being actively exploited just 30…
-
U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439,…
-
U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783, to its Known Exploited Vulnerabilities (KEV) catalog. This week Google has released out-of-band fixes to address a high-severity security…
-
U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1,2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2019-9875 (CVSS score of 8.8) is a Deserialization of Untrusted Data in the anti…
-
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF First seen on thehackernews.com Jump to…
-
Updated KEV Catalog From CISA Includes Edimax, NAKIVO, and SAP NetWeaver Bugs
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/updated-kev-catalog-from-cisa-includes-edimax-nakivo-and-sap-netweaver-bugs
-
CISA marks NAKIVO’s critical backup vulnerability as actively exploited
by
in SecurityNews
Tags: access, advisory, backup, cisa, ciso, cloud, cybersecurity, exploit, kev, mitigation, network, service, update, vulnerabilityCISOs advised to push for immediate patching: CISA has advised immediate federal and civilian patching of the flaw. For the Federal Civilian Executive Branch (FCEB) agencies, the US cybersecurity watchdog has stipulated a patching deadline of April 19, 2025, in accordance with the BOD 22-01 directive.”Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance…
-
CISA Warns of Exploited Nakivo Vulnerability
by
in SecurityNewsCISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list. The post CISA Warns of Exploited Nakivo Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-exploited-nakivo-vulnerability/
-
CVE-2024-48248: High-Severity NAKIVO Flaw Actively Exploited
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency has identified a significant security flaw affecting NAKIVO Backup Replication software, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. The vulnerability, tracked as CVE-2024-48248… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/nakivo-backup-software-flaw-exploited/
-
U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In early March, 2025, US CISA warned that multiple botnets are exploiting a…
-
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to First seen on…
-
Critical Fortinet Vulnerability Draws Fresh Attention
by
in SecurityNewsCISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/critical-fortinet-vulnerability-draws-fresh-attention
-
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
by
in SecurityNews
Tags: breach, cisa, cve, cybersecurity, exploit, flaw, github, infrastructure, kev, malicious, supply-chain, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote First…
-
U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Appleproducts and Juniper Junos OSflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2025-21590 is an Improper Isolation or Compartmentalization issue in the kernel of Juniper Networks Junos OS…
-
U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of these flaws that Microsoft addressed with the release of Microsoft Patch Tuesday security updates for…
-
3 Ivanti flaws added to CISA list of known exploited vulnerabilities
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/3-ivanti-flaws-added-to-cisa-list-of-known-exploited-vulnerabilities
-
CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities
by
in SecurityNewsThe US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-kev-ivanti-critical/
-
CISA Warns of Ivanti EPM Vulnerability Exploitation
by
in SecurityNewsCISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-ivanti-epm-vulnerability-exploitation/
-
CISA Added 3 Ivanti Endpoint Manager Bugs to Wildly Exploited Vulnerabilities Catalog
by
in SecurityNews
Tags: cisa, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM). These vulnerabilities, which involve absolute path traversal issues, have been observed being actively exploited in the wild, prompting federal agencies and organizations to implement remediation measures before…
-
U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: A Vietnamese cybercrime group, tracked as XE Group, is exploiting the above VeraCore vulnerabilities, deploying reverse shells and web shells…
-
CISOs müssen OT-Risiken stärker adressieren
by
in SecurityNews
Tags: china, ciso, cyber, cyberattack, exploit, firewall, hacker, infrastructure, Internet, iran, kev, kritis, military, ransomware, risk, technology, update, vulnerabilityDa Angriffe auf OT-Bereiche zunehmen, sollten CISOs einen Exposure-Management-Ansatz verfolgen.Die Bedrohungen gegen die Betriebstechnik (Operational Technology, OT) der kritischen Infrastruktur (KRITIS) verschärfen sich kontinuierlich. China baut offensive Komponenten in amerikanische Militär- und Unternehmensnetzwerke ein. Zudem haben chinesische Hacker Telekommunikationsunternehmen und Internetdienstleister infiltriert, um Zivilisten auszuspionieren. Seit etlichen Jahren, also bereits deutlich vor dem Angriffskrieg, greift…
-
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.The list of vulnerabilities is as follows -CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore First…
-
CISA Issues Alert on Actively Exploited VMware Vulnerabilities
by
in SecurityNews
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, linux, mitigation, threat, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated warnings on March 4, 2025, by adding four severe vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Federal agencies and private organizations are urged to prioritize mitigation efforts, as threat actors are actively weaponizing these flaws in VMware ESXi, Workstation, Fusion, and the Linux kernel. CVE-2025-22225:…
-
CISA Expands Known Exploited Vulnerabilities Catalog with Four Critical Issues
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog with four new vulnerabilities, adding to the growing list of cyber risks that have been actively exploited. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-known-exploited-vulnerabilities-catalog-3/
-
U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: android, cisa, cve, cybersecurity, exploit, google, infrastructure, kev, linux, vmware, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The first issue, tracked as CVE-2024-50302, was addressed by Google with the release of the Android…
-
Several flaws added to CISA known exploited vulnerabilities catalog
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/several-flaws-added-to-cisa-known-exploited-vulnerabilities-catalog
-
Several Flaws Added To CISA’s KEV List
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/several-flaws-added-to-cisas-kev-list