CISA
Cybersecurity and Infrastructure Security Agency
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.
-
Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency
Microsoft Exchange servers 2016 and 2019 are nearing end-of-life this October, posing an imminent threat due to critical vulnerabilities. This advisory follows the Storm-0558 breach, prompting CISA and NSA to issue security best practices. Organizations must migrate and implement robust defenses amidst Microsoft’s Secure Future Initiative.
-
CISA Directs Federal Agencies to Patch Actively Exploited VMware Vulnerability by Chinese Threat Actor UNC5174
CISA directs federal agencies to patch a high-severity VMware vulnerability, CVE-2025-41244, actively exploited by the Chinese state-sponsored threat actor UNC5174 since October 2024. All organizations are urged to prioritize patching due to its frequent use as an attack vector.