The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently issued an advisory urging organizations to update all Active Directory credentials to enhance security against cyberattacks exploiting a known remote code execution (RCE) vulnerability within Pulse Secure VPN servers, regardless of whether they have applied patches. This warning follows…
March 11, 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory on Wednesday, highlighting ongoing exploitation of vulnerabilities in Microsoft Exchange on-premises products by both nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal sensitive information, encrypt data for ransom, or conduct destructive attacks,” the agencies stated. They also noted that compromised networks might be sold on the dark web. Recent attacks have mainly targeted local governments, academic institutions, NGOs, and businesses across various sectors such as agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceuticals—consistent with previous activities linked to Chinese cyber threats. Tens of thousands of entities, including the Eur…
ProxyLogon Exploit Now Public, Heightening Cyber Threats Date: March 11, 2021 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an urgent advisory concerning the exploitation of serious vulnerabilities within Microsoft Exchange on-premises products. This advisory comes in the wake of confirmed…
March 11, 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint advisory on Wednesday, highlighting ongoing exploitation of vulnerabilities in Microsoft Exchange on-premises products by both nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal sensitive information, encrypt data for ransom, or conduct destructive attacks,” the agencies stated. They also noted that compromised networks might be sold on the dark web. Recent attacks have mainly targeted local governments, academic institutions, NGOs, and businesses across various sectors such as agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceuticals—consistent with previous activities linked to Chinese cyber threats. Tens of thousands of entities, including the Eur…
CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation
September 3, 2025
Vulnerability / Mobile Security
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting TP-Link TL-WA855RE Wi-Fi Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing signs of active exploitation. The vulnerability, identified as CVE-2020-24363 (CVSS score: 8.8), involves a missing authentication flaw that can be exploited to gain elevated access to the device. CISA noted that “this vulnerability could enable an unauthenticated attacker on the same network to send a TDDP_RESET POST request for a factory reset and reboot,” allowing them to establish incorrect access control by setting a new administrative password. According to malwrforensics, the issue has been addressed in firmware version TL-WA855RE(EU)_V5_200731. However, it’s important to mention that this product has reached end-of-life (EoL) status, making future patches or updates unlikely. Users of the Wi-Fi range extender are therefore advised to take caution.
CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation On September 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical security vulnerability related to TP-Link TL-WA855RE Wi-Fi Ranger Extenders to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes…
CISA Includes TP-Link and WhatsApp Vulnerabilities in KEV Catalog Due to Ongoing Exploitation
September 3, 2025
Vulnerability / Mobile Security
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability affecting TP-Link TL-WA855RE Wi-Fi Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing signs of active exploitation. The vulnerability, identified as CVE-2020-24363 (CVSS score: 8.8), involves a missing authentication flaw that can be exploited to gain elevated access to the device. CISA noted that “this vulnerability could enable an unauthenticated attacker on the same network to send a TDDP_RESET POST request for a factory reset and reboot,” allowing them to establish incorrect access control by setting a new administrative password. According to malwrforensics, the issue has been addressed in firmware version TL-WA855RE(EU)_V5_200731. However, it’s important to mention that this product has reached end-of-life (EoL) status, making future patches or updates unlikely. Users of the Wi-Fi range extender are therefore advised to take caution.
August 18, 2021
A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.
Critical Vulnerability in BlackBerry QNX Poses Risk to Millions of Devices August 18, 2021 A significant security vulnerability has been identified in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS), which underpins a vast array of products, including automotive systems, medical equipment, and industrial machinery. This flaw, officially designated…
August 18, 2021
A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.
A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.
Severe Vulnerability in ThroughTek SDK Exposes Millions of IoT Devices to Potential Attacks On August 18, 2021, a significant security flaw was identified within multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK). This vulnerability, designated as CVE-2021-28372 with a CVSS score of 9.6, poses a serious risk…
A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.
September 5, 2025
Vulnerability / Threat Intelligence
Federal Civilian Executive Branch (FCEB) agencies are directed to update their Sitecore systems by September 25, 2025, due to a critical security vulnerability, identified as CVE-2025-53690, that is currently being exploited. The vulnerability has a CVSS score of 9.0 out of 10, highlighting its severity. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this flaw affects Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud, allowing for deserialization of untrusted data through default machine keys. This presents an opportunity for attackers to execute remote code by exploiting exposed ASP.NET machine keys. Mandiant, a Google-owned cybersecurity firm, reported that the ongoing ViewState deserialization attacks utilized a sample machine key found in Sitecore deployment guides from 2017 and earlier. The threat intelligence team…
CISA Urges Immediate Updates to Sitecore Systems Due to Critical Vulnerability Under Active Attack September 5, 2025 Recent developments in cybersecurity have prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to Federal Civilian Executive Branch (FCEB) agencies regarding a critical vulnerability in Sitecore software, specifically affecting…
September 5, 2025
Vulnerability / Threat Intelligence
Federal Civilian Executive Branch (FCEB) agencies are directed to update their Sitecore systems by September 25, 2025, due to a critical security vulnerability, identified as CVE-2025-53690, that is currently being exploited. The vulnerability has a CVSS score of 9.0 out of 10, highlighting its severity. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this flaw affects Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud, allowing for deserialization of untrusted data through default machine keys. This presents an opportunity for attackers to execute remote code by exploiting exposed ASP.NET machine keys. Mandiant, a Google-owned cybersecurity firm, reported that the ongoing ViewState deserialization attacks utilized a sample machine key found in Sitecore deployment guides from 2017 and earlier. The threat intelligence team…
Government, Industry Specific, Regulation White House Proposes Significant Cuts to Cyber Defense Agency’s Budget Chris Riotta (@chrisriotta) • April 6, 2026 The White House is proposing substantial reductions to CISA’s budget for fiscal year 2027. (Image: Shutterstock) The White House has unveiled a budget proposal for fiscal year 2027 that…
On Friday, Microsoft reported a significant security incident involving the exploitation of two zero-day vulnerabilities in Microsoft Exchange servers by a single threat actor group as far back as August 2022. This group successfully gained initial access through coordinated attacks targeting fewer than ten organizations worldwide. The compromises facilitated the…
Fortinet Confirms Active Exploitation of Critical Vulnerability in Firewall and Proxy Products On Monday, Fortinet disclosed a critical security vulnerability affecting its firewall and proxy offerings, warning that the flaw is currently being exploited in the wild. This vulnerability, tracked as CVE-2022-40684 and rated with a CVSS score of 9.6,…
