Cyberwarzone

GLOBAL SITUATIONMONITORING
482 published briefsUTCSun, Apr 5 06:15:06
Intelligence Tag

CISA

Cybersecurity and Infrastructure Security Agency

6 intelligence briefs← Intelligence Hub
  • CISA adds two actively exploited vulnerabilities to KEV catalog

    CISA adds two actively exploited vulnerabilities to KEV catalog

    CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog in a March 13 alert, requiring federal agencies to remediate the flaws by a set deadline under Binding Operational Directive 22-01.

    Peter Chofield
    1–2 minutes
  • CISA adds five actively exploited vulnerabilities to KEV catalog

    CISA adds five actively exploited vulnerabilities to KEV catalog

    CISA has added five vulnerabilities affecting Advantive VeraCore, Ivanti EPM, Microsoft .NET Framework, and D-Link DIR-859 routers to its Known Exploited Vulnerabilities catalog, ordering federal agencies to remediate them by set deadlines.

    Peter Chofield
    1–2 minutes
  • Hikvision and Rockwell Automation CVSS 9.8 flaws added to CISA KEV catalog

    Hikvision and Rockwell Automation CVSS 9.8 flaws added to CISA KEV catalog

    CISA has added two CVSS 9.8 vulnerabilities affecting Hikvision IP cameras and Rockwell Automation ThinManager to its Known Exploited Vulnerabilities catalog, giving federal agencies until March 26, 2026, to apply mitigations or discontinue use.

    Peter Chofield
    1–2 minutes
  • CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

    CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.

    Reza Rafati
    2–3 minutes
  • Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency

    Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency

    Microsoft Exchange servers 2016 and 2019 are nearing end-of-life this October, posing an imminent threat due to critical vulnerabilities. This advisory follows the Storm-0558 breach, prompting CISA and NSA to issue security best practices. Organizations must migrate and implement robust defenses amidst Microsoft’s Secure Future Initiative.

    Peter Chofield
    1–2 minutes
  • CISA Directs Federal Agencies to Patch Actively Exploited VMware Vulnerability by Chinese Threat Actor UNC5174

    CISA Directs Federal Agencies to Patch Actively Exploited VMware Vulnerability by Chinese Threat Actor UNC5174

    CISA directs federal agencies to patch a high-severity VMware vulnerability, CVE-2025-41244, actively exploited by the Chinese state-sponsored threat actor UNC5174 since October 2024. All organizations are urged to prioritize patching due to its frequent use as an attack vector.

    Reza Rafati
    2–3 minutes