Congressional Investigation Reveals $20.9 Billion in Losses from Data Breaches This week, Congressional Democrats on the Joint Economic Committee published a report revealing an alarming $20.9 billion in consumer losses attributed to identity theft linked to four significant data breaches involving data broker companies. The investigation, initiated by U.S. Senator…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported a security breach involving a federal agency, attributed to threat actors affiliated with the Iranian government. The attackers exploited the Log4Shell vulnerability found in an unpatched VMware Horizon server, demonstrating a sophisticated exploitation technique. The breach, which occurred between mid-June…
On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, identifying three flaws currently being actively exploited. This addition underscores the persistent threat landscape faced by organizations, especially those in critical sectors. Among the newly acknowledged vulnerabilities is CVE-2022-24990, which affects TerraMaster network-attached…
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of three significant vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. This decision follows emerging evidence of active exploitation affecting specific target systems. The identified vulnerabilities include: CVE-2022-47986, a code execution flaw in IBM Aspera Faspex (CVSS…
In its March 2023 Patch Tuesday update, Microsoft disclosed fixes for 80 security vulnerabilities, two of which have been actively exploited in the wild. These vulnerabilities target critical components within the Microsoft ecosystem, with eight categorized as Critical, 71 as Important, and one as Moderate in severity. This update continues…
Government, Industry Specific Acting Chief Informs Lawmakers of Potential Furloughs Amid Funding Uncertainty Chris Riotta (@chrisriotta) • February 11, 2026 In a critical address to Congress, CISA’s acting director, Madhu Gottumukkala, highlighted the severe implications of a funding lapse for the Cybersecurity and Infrastructure Security Agency. If Congress fails to…
On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog by adding three security flaws, highlighting the urgent need for businesses to address vulnerabilities currently being exploited in the wild. The newly identified vulnerabilities include CVE-2023-28432, a significant information disclosure issue affecting MinIO,…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified and added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting concerns over active exploitation. These vulnerabilities pose significant risks to various systems and require immediate attention from cybersecurity professionals. The first vulnerability, CVE-2023-1389, carries a CVSS score…
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical advisory highlighting a serious vulnerability impacting ME RTU remote terminal units. This flaw, identified as CVE-2023-2131, has been assigned a maximum severity score of 10.0 on the Common Vulnerability Scoring System (CVSS), underscoring its potential for exploitation…
