The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a newly patched vulnerability affecting Microsoft’s .NET and Visual Studio products in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that the flaw is actively being exploited in the wild. This vulnerability, tracked…
Encryption & Key Management , Security Operations Forrester’s Sandy Carielli Discusses Preparing for Quantum Security Migrations Jennifer Lawinski • January 15, 2026 Tech leaders are increasingly preparing for complex quantum security migrations that involve product, infrastructure, and supply chain considerations. (Image: Shutterstock) The advent of quantum computing poses…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a significant security vulnerability affecting Adobe ColdFusion in its Known Exploited Vulnerabilities (KEV) catalog. This action follows evidence indicating active exploitation of the flaw. Cataloged as CVE-2023-26359, with a CVSS score of 9.8, this vulnerability pertains to a deserialization…
Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime CISA Issues Warning on Increased Cyber Threats Following U.S. Operation in Venezuela Chris Riotta (@chrisriotta) • January 8, 2026 Image: Panumas Nikhomkhai/Shutterstock Cybersecurity and national security officials have raised alarms following a U.S. operation in Venezuela, indicating a heightened…
Microsoft has recently identified a link between the exploitation of a critical vulnerability in Atlassian Confluence Data Center and Server, marked as CVE-2023-22515, and a state-sponsored group known as Storm-0062 (also referred to as DarkShadow or Oro0lxy). This critical flaw is a privilege escalation vulnerability that has been actively exploited…
Cisco Systems has recently disclosed a severe, unpatched vulnerability affecting its IOS XE software, which is currently under active exploitation by threat actors. The zero-day flaw, identified as CVE-2023-20198, holds a critical severity rating of 10.0 on the Common Vulnerability Scoring System (CVSS). This vulnerability specifically impacts enterprise networking hardware…
Cisco has issued an urgent warning regarding a severe zero-day vulnerability in its IOS XE software, which is currently being exploited by an unknown actor to introduce a malicious Lua-based implant on affected devices. The vulnerability, designated as CVE-2023-20273, carries a CVSS score of 7.2 and is associated with privilege…
Concerns Rise Over Federal Cybersecurity Amid Shutdown The recent prolonged government shutdown has intensified worries regarding the state of federal cybersecurity, potentially creating vulnerabilities during a time when numerous workers were furloughed. This disruption has exacerbated the longstanding issues of IT backlogs within various government agencies. According to an anonymous…
On November 8, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally recognized a critical vulnerability in the Service Location Protocol (SLP) by adding it to its Known Exploited Vulnerabilities (KEV) catalog. This entry highlights the agency’s concerns regarding active exploitations of the flaw, which has been assigned the…
