Tag CISA

Microsoft Exchange Cyber Attack: Current Insights and Updates

On Friday, Microsoft issued a grave warning regarding the active exploitation of vulnerabilities in unpatched Microsoft Exchange Servers affecting numerous organizations globally. The cyberattack campaigns reportedly compromise tens of thousands of businesses and government bodies across the United States, Europe, and Asia. The company’s security team reported a significant escalation…


Urgent: Hidden Backdoor Discovered in XZ Utils Library, Affects Major Linux Distributions

Red Hat Issues Urgent Security Alert Following Backdoor Discovery in XZ Utils

On Friday, Red Hat issued an urgent security alert, revealing a critical security vulnerability involving two versions of the widely-used data compression library known as XZ Utils, previously LZMA Utils. This vulnerability allows malicious actors to gain unauthorized…


Inside the Staffing Crisis Harming CISA

Government, Healthcare, Industry Specific

Also: Akira Ransomware Targets Healthcare, AI’s Sycophancy Becomes a Security Risk

Anna Delaney (annamadeline) • November 21, 2025

Clockwise, from top left: Anna Delaney, Tony Morbin, Chris Riotta, and Marianne Kolbasuk McGee

This week’s ISMG Editors’ Panel convened a discussion among four seasoned editors, who addressed…


US Cyber Defense Agency Acknowledges Significant Staffing Shortage

Government, Industry Specific

Internal Memo Reveals Staffing Crisis at CISA, Blames Trump-Era Cuts

Chris Riotta (@chrisriotta) • November 18, 2025

Madhu Gottumukkala, acting director of CISA. (Image: CISA)

The Cybersecurity and Infrastructure Security Agency (CISA) is grappling with a significant staffing crisis, as revealed in a recent internal memo from…


Palo Alto Networks Reveals Additional Information on Critical PAN-OS Vulnerability Under Attack

Palo Alto Networks has disclosed a significant security vulnerability affecting PAN-OS that is currently under active exploitation by cybercriminals. This flaw, designated as CVE-2024-3400 with a CVSS score of 10.0, is characterized as “intricate,” arising from the combination of two distinct bugs present in PAN-OS versions 10.2, 11.0, and 11.1.…


Hackers Utilize VPN Vulnerabilities to Install SUPERNOVA Malware on SolarWinds Orion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently unveiled details about a sophisticated advanced persistent threat (APT) that has been exploiting the Supernova backdoor to infiltrate SolarWinds Orion installations. The breach was traced back to access gained through a connection to a compromised Pulse Secure VPN device. CISA reported…


FBI and CISA Reveal Strategies Used by Russian Intelligence Hackers

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), has released a joint advisory aimed at elucidating the tactics, techniques, and procedures (TTPs) employed by the Russian Foreign Intelligence Service (SVR) in its cyber operations against U.S. and…


Feds Mishandle Cisco Patches Amid China-Linked Cyber Attacks

Government, Industry Specific, Network Firewalls, Network Access Control

CISA Discovers Agencies Misled About Cisco Patch Updates

Chris Riotta (@chrisriotta) • November 13, 2025

Image: PJ McDonnell/Shutterstock

The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms regarding critical vulnerabilities in Cisco devices, indicating that U.S. government agencies have inadequately addressed…


Federal Shutdown Agreement Restores Important CISA Grant and Staffing Opportunities

Cybersecurity Spending, Legislation, Standards, Regulations & Compliance

Restoration of CISA Staffing Levels and State Grant Program Under Congressional Plan

Chris Riotta (@chrisriotta) • November 12, 2025

Image: Shutterstock

A recently proposed congressional funding bill aims to conclude the longest government shutdown in U.S. history and includes essential measures for the…
