Cybersecurity researchers from Rapid7 have uncovered a concerning link between threat actors who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 and a previously unreported SQL injection flaw in PostgreSQL. This newly identified vulnerability, designated as CVE-2025-1094, has been assigned…
Government, Industry Specific Cybersecurity Programs, Workforce Face Disruption If Congress Fails to Act Chris Riotta (@chrisriotta) • September 26, 2025 Image: Keith Lamond/Shutterstock The U.S. Congress faces a critical deadline, with only four days remaining to prevent a government shutdown and the termination of a pivotal public-private threat-sharing law. This…
Recent cybersecurity advisories from U.S. intelligence and cybersecurity agencies have revealed that North Korean state-sponsored hackers are utilizing Maui ransomware to specifically target the healthcare sector since at least May 2021. The advisory indicates that compromised servers responsible for essential healthcare services—including electronic health records, diagnostic imaging, and internal communication…
Recent cyber activity has revealed significant vulnerabilities and breaches affecting U.S. federal agencies and corporations, highlighting the ongoing threats in the cybersecurity landscape. The Cybersecurity and Infrastructure Security Agency (CISA) reported that hackers exploited a known vulnerability in an open-source geospatial data server, leading to the deployment of a web…
CISA Reports Breach Linked to GeoServer Vulnerability A recent security incident has come to light involving a breach at a federal agency, attributed to a vulnerability in GeoServer, a popular open-source server used for sharing geospatial data. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed this attack, raising significant…
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding two critical security flaws affecting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM). This action stems from emerging evidence indicating active exploitation of these vulnerabilities. The newly added vulnerabilities are…
CISA Adds New Vulnerabilities to KEV Catalog: Immediate Action Required The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws that have been actively exploited. These vulnerabilities affect the Microsoft Partner Center and the Synacor Zimbra Collaboration Suite…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued urgent notifications regarding a serious vulnerability found in Contec CMS8000 and Epsimed MN-120 patient monitors. This critical flaw involves hidden functionalities that could be exploited by unauthorized actors. Designated as CVE-2025-0626, the identified…
A recently uncovered security vulnerability in Apache Tomcat has begun to see active exploitation shortly after its disclosure. The flaw, designated as CVE-2025-24813, was made publicly available along with a proof-of-concept (PoC) within just 30 hours of its initial announcement. This vulnerability impacts several versions of Apache Tomcat, including 11.0.0-M1…
