On March 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of a high-severity vulnerability in its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is associated with a supply chain compromise affecting the GitHub Action known as tj-actions The vulnerability, identified as CVE-2025-30066, has been assigned…
This week’s cybersecurity update delves into various evolving threats, including a sophisticated phishing technique used by Russian threat actors. Covering issues from device code phishing to cloud-based attacks, this summary transforms complex technicalities into comprehensible insights, tailored for tech-savvy professionals. ⚡ Threat of the Week The recent disclosure from Microsoft…
In the realm of cybersecurity, last week’s developments showcased a significant range of incidents and insights. These events reflect the evolving landscape of cyber threats and the pressing need for vigilance among businesses and professionals. A critical incident involved Salesloft Drift, where attackers gained unauthorized access through the company’s GitHub…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially incorporated two significant six-year-old vulnerabilities affecting the Sitecore Content Management System and Experience Platform into its Known Exploited Vulnerabilities (KEV) catalog. This addition follows credible evidence indicating that these flaws are being actively targeted by malicious actors. The first vulnerability,…
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft following its role in a significant ransomware attack on Ascension Hospital, resulting in the exposure of 5.6 million patient records. In a letter dated September 10, 2025, Senator Wyden criticized Microsoft’s software, claiming it facilitated…
CISA Reveals New Vision for CVE Program Amid Funding Concerns Chris Riotta (@chrisriotta) • September 11, 2025 Image: Mitre/Shutterstock/ISMG The Cybersecurity and Infrastructure Security Agency (CISA) has announced an updated vision for its Common Vulnerabilities and Exposures (CVE) program, a crucial system for tracking vulnerabilities worldwide. Despite the agency’s objectives,…
On March 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of five new vulnerabilities affecting Advantive VeraCore and Ivanti Endpoint Manager (EPM) in its Known Exploited Vulnerabilities (KEV) catalog, following confirmed cases of exploitation in the wild. This escalation emphasizes a heightened risk for organizations…
VMware Addresses Ransomware Attacks Targeting ESXi Servers On Monday, VMware announced that it has not detected any activity regarding the exploitation of an undisclosed zero-day vulnerability in its software amid a global wave of ransomware assaults. The company clarified that reports indicate attackers are primarily targeting End of General Support…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a medium-severity security vulnerability in Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows reports indicating that the flaw is actively being exploited in real-world scenarios. The vulnerability, identified as CVE-2025-24054, received a…
