On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog, adding three identified security flaws currently under active exploitation. This action underscores the ongoing priority for organizations to remain vigilant and address vulnerabilities promptly to protect their systems. The newly cataloged vulnerabilities include…
AI-Based Attacks, Artificial Intelligence & Machine Learning, Critical Infrastructure Security Also: AI-Driven Deception, Cyber Deterrence, and Resilience Anna Delaney (annamadeline) • December 26, 2025 Clockwise, from top left: Anna Delaney, Mathew Schwartz, Michael Novinson, and Tom Field The ISMG editorial team recently offered insights into the cybersecurity landscape of 2025,…
The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security has issued a critical warning concerning a new ransomware threat targeting various industries associated with critical infrastructure. This advisory was prompted by a recent cyberattack that impacted a natural gas compression facility through a spear-phishing incident,…
Qualcomm Issues Security Advisory for High-Severity Flaws In recent developments, chipmaker Qualcomm has disclosed significant information regarding three critical security vulnerabilities that were reportedly exploited in targeted attacks as of October 2023. The company emphasized that these flaws were subjected to “limited, targeted exploitation,” raising alarms about their implications for…
Cybersecurity Agencies Warn of QSnatch Malware Threat Targeting QNAP Devices In a joint advisory issued by cybersecurity agencies in the United States and the United Kingdom, significant warnings have been raised regarding an ongoing malware threat known as QSnatch, which is affecting network-attached storage (NAS) devices produced by Taiwanese company…
Recent disclosures from US intelligence agencies reveal an alarming resurgence of a 12-year-old strain of malware, known as “Taidoor.” This variant is believed to be employed by state-sponsored actors from China, targeting a wide array of institutions, including government bodies, corporations, and think tanks. The malware, which has been active…
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has issued an alert regarding a sophisticated malware campaign attributed to North Korean hackers targeting government contracting firms. This new threat, identified as “BLINDINGCAN,” utilizes an advanced remote access Trojan designed to create a backdoor into compromised systems. The…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included six new security vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, citing clear indications of ongoing exploitation. This move emphasizes the necessity for organizations to remain vigilant and proactive in their cybersecurity measures. Among the newly flagged vulnerabilities is…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially included a critical vulnerability affecting Microsoft SharePoint Server in its Known Exploited Vulnerabilities (KEV) catalog, highlighting evidence of active exploitation within various environments. This vulnerability, identified as CVE-2023-29357, has garnered a significant CVSS score of 9.8, indicating its severity and…
