Palo Alto Networks has disclosed a significant security vulnerability affecting PAN-OS that is currently under active exploitation by cybercriminals. This flaw, designated as CVE-2024-3400 with a CVSS score of 10.0, is characterized as “intricate,” arising from the combination of two distinct bugs present in PAN-OS versions 10.2, 11.0, and 11.1.…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently unveiled details about a sophisticated advanced persistent threat (APT) that has been exploiting the Supernova backdoor to infiltrate SolarWinds Orion installations. The breach was traced back to access gained through a connection to a compromised Pulse Secure VPN device. CISA reported…
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), has released a joint advisory aimed at elucidating the tactics, techniques, and procedures (TTPs) employed by the Russian Foreign Intelligence Service (SVR) in its cyber operations against U.S. and…
Government, Industry Specific, Network Firewalls, Network Access Control CISA Discovers Agencies Misled About Cisco Patch Updates Chris Riotta (@chrisriotta) • November 13, 2025 Image: PJ McDonnell/Shutterstock The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms regarding critical vulnerabilities in Cisco devices, indicating that U.S. government agencies have inadequately addressed…
Cybersecurity Spending, Legislation, Standards, Regulations & Compliance Restoration of CISA Staffing Levels and State Grant Program Under Congressional Plan Chris Riotta (@chrisriotta) • November 12, 2025 Image: Shutterstock A recently proposed congressional funding bill aims to conclude the longest government shutdown in U.S. history and includes essential measures for the…
Ivanti has disclosed a critical security vulnerability impacting its Cloud Service Appliance (CSA), which has been detected as actively exploited in the wild. The vulnerability, designated as CVE-2024-8963, holds a high CVSS score of 9.4 out of 10, indicating its severity. It was inadvertently addressed in CSA versions 4.6 Patch…
Ransomware Attack Halts Colonial Pipeline Operations, Highlighting Cybersecurity Vulnerabilities On Saturday, Colonial Pipeline, a crucial provider transporting approximately 45% of the fuel consumed on the U.S. East Coast, officially announced it has suspended operations due to a ransomware attack. This incident underscores the susceptibility of critical infrastructure to cyber threats.…
In a significant cybersecurity incident, the Colonial Pipeline, a crucial fuel pipeline operator in the United States, fell victim to a ransomware attack that has led to a regional emergency declaration from the U.S. Federal Motor Carrier Safety Administration (FMCSA). This declaration affects 17 states and the District of Columbia,…
Cybersecurity experts have issued alerts regarding ongoing exploitation attempts surrounding a recently identified vulnerability in Synacor’s Zimbra Collaboration software. Enterprise security firm Proofpoint detected malicious activity linked to this flaw beginning on September 28, 2024. The targeted vulnerability, tracked as CVE-2024-45519, is a critical security issue within Zimbra’s postjournal service,…
