Tag CISA

State-Sponsored Hackers Likely Targeted MS Exchange 0-Days at Approximately 10 Organizations

On Friday, Microsoft reported a significant security incident involving the exploitation of two zero-day vulnerabilities in Microsoft Exchange servers by a single threat actor group as far back as August 2022. This group successfully gained initial access through coordinated attacks targeting fewer than ten organizations worldwide. The compromises facilitated the…


Fortinet Alerts on Ongoing Exploitation of Critical Authentication Bypass Vulnerability

Fortinet Confirms Active Exploitation of Critical Vulnerability in Firewall and Proxy Products

On Monday, Fortinet disclosed a critical security vulnerability affecting its firewall and proxy offerings, warning that the flaw is currently being exploited in the wild. This vulnerability, tracked as CVE-2022-40684 and rated with a CVSS score of 9.6,…


Local Man Unintentionally Hacks 6,700 Camera-Equipped Robot Vacuums

Congressional Investigation Reveals $20.9 Billion in Losses from Data Breaches

This week, Congressional Democrats on the Joint Economic Committee published a report revealing an alarming $20.9 billion in consumer losses attributed to identity theft linked to four significant data breaches involving data broker companies. The investigation, initiated by U.S. Senator…


Iranian Hackers Breach U.S. Federal Agency Network via Log4Shell Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported a security breach involving a federal agency, attributed to threat actors affiliated with the Iranian government. The attackers exploited the Log4Shell vulnerability found in an unpatched VMware Horizon server, demonstrating a sophisticated exploitation technique. The breach, which occurred between mid-June…


CISA Alerts on Ongoing Attacks Targeting Vulnerabilities in Fortra MFT, TerraMaster NAS, and Intel Drivers

On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, identifying three flaws currently being actively exploited. This addition underscores the persistent threat landscape faced by organizations, especially those in critical sectors. Among the newly acknowledged vulnerabilities is CVE-2022-24990, which affects TerraMaster network-attached…


CISA Expands KEV Catalog with Three New Vulnerabilities

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of three significant vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. This decision follows emerging evidence of active exploitation affecting specific target systems. The identified vulnerabilities include: CVE-2022-47986, a code execution flaw in IBM Aspera Faspex (CVSS…


Microsoft Releases Patches for 80 Vulnerabilities, Including Two Currently Under Attack

In its March 2023 Patch Tuesday update, Microsoft disclosed fixes for 80 security vulnerabilities, two of which have been actively exploited in the wild. These vulnerabilities target critical components within the Microsoft ecosystem, with eight categorized as Critical, 71 as Important, and one as Moderate in severity. This update continues…


DHS Funding Gap Could Ground Federal Cybersecurity Personnel

Government, Industry Specific

Acting Chief Informs Lawmakers of Potential Furloughs Amid Funding Uncertainty

Chris Riotta (@chrisriotta) • February 11, 2026

In a critical address to Congress, CISA’s acting director, Madhu Gottumukkala, highlighted the severe implications of a funding lapse for the Cybersecurity and Infrastructure Security Agency. If Congress fails to…


CISA Updates KEV Catalog with 3 Actively Exploited Vulnerabilities, Featuring Critical PaperCut Flaw

On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog by adding three security flaws, highlighting the urgent need for businesses to address vulnerabilities currently being exploited in the wild. The newly identified vulnerabilities include CVE-2023-28432, a significant information disclosure issue affecting MinIO,…
