Tag CISA

CISA Warns of Critical Exploitable Vulnerability in Windows SMB

Attack Surface Management, Security Operations

Administering Response to NTLM Vulnerability Exploitation

Greg Sirico • October 21, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an actively exploited vulnerability in the Server Message Block (SMB) protocol. This flaw, identified as CVE-2025-33073, has…


Cisco Alerts Users to Potential Exploitation of Long-Standing ASA WebVPN Flaw

On Monday, Cisco issued an updated advisory highlighting an ongoing threat linked to a long-standing vulnerability in its Adaptive Security Appliance (ASA). The flaw, identified as CVE-2014-2120, has a CVSS score of 4.3 and relates to insufficient input validation within the WebVPN login interface. This vulnerability permits unauthenticated remote attackers…


Cybersecurity Agencies Issue Warning on IDOR Vulnerabilities Used in Data Breaches

Recent advisories issued by cybersecurity agencies in both Australia and the United States have exposed critical vulnerabilities present in web applications that could be exploited by cybercriminals, risking data breaches and the theft of sensitive information. The joint advisory particularly underscores the threat posed by Insecure Direct Object Reference (IDOR)…


FBI, NSA, and CISA Alert on Russian Hackers Targeting Critical Infrastructure

US Intelligence Agencies Warn of Increased Cyber Threats from Russian Actors

In light of escalating tensions between the U.S. and Russia related to Ukraine and Kazakhstan, American cybersecurity and intelligence agencies have issued a joint advisory detailing strategies for detecting, responding to, and mitigating cyberattacks perpetrated by Russian state-sponsored entities.…


CISA and FBI Issue Warnings on Exploited Vulnerabilities and Growing HiatusRAT Campaign

Recent Cybersecurity Alerts: CISA Highlights New Vulnerabilities; FBI Warns on IoT Threats

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday the addition of two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the active exploitation of these security flaws across various platforms. This proactive measure…


Thousands of Customers at Risk Following Nation-State Attack on F5’s Network

F5 Networks Faces Security Concerns Amid Reports of Compromise

In a troubling development for cybersecurity, F5 Networks has reported that its BIG-IP appliances, crucial for load balancing and data encryption at the network edge, may have been compromised. These devices are positioned strategically within networks, enabling them to facilitate traffic…


CISA Includes Critical Vulnerability in BeyondTrust Software on Exploited Vulnerabilities List

The Cybersecurity and Infrastructure Security Agency (CISA) has recently flagged a significant security vulnerability affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This vulnerability, designated as CVE-2024-12356, has a critical CVSS score of 9.8 and involves a command injection flaw that could be exploited by malicious actors…


CISA Includes Acclaim USAHERDS Vulnerability in KEV Catalog Due to Ongoing Exploitation

On December 23, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows verifiable evidence that the flaw has been actively exploited. The vulnerability, identified as CVE-2021-44207, has a CVSS…
