On December 23, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability affecting Acclaim Systems USAHERDS to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows verifiable evidence that the flaw has been actively exploited. The vulnerability, identified as CVE-2021-44207, has a CVSS…
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of three vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken in response to evidence indicating that these flaws are actively being exploited. The vulnerabilities identified include…
Critical Infrastructure Security, Government, Industry Specific US Cyber Defense Agency Faces Crisis Amid Shutdown and Resource Shortfalls Chris Riotta (@chrisriotta) • October 10, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is currently grappling with significant challenges that threaten its operational capabilities. Political pressures, notably exacerbated by ongoing tensions…
Critical Security Flaw in Ivanti Products Under Active Exploitation Ivanti has issued a warning regarding a severe security vulnerability affecting its Ivanti Connect Secure, Policy Secure, and ZTA Gateways, which has been subject to active exploitation since mid-December 2024. The vulnerability, identified as CVE-2025-0282, has been assigned a high CVSS…
On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a second vulnerability affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) solutions to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows the identification of ongoing exploitation of the flaw in real-world environments. The…
Recent reports have highlighted a concerning campaign targeting Fortinet FortiGate firewalls with exposed management interfaces on the public internet. Released by cybersecurity firm Arctic Wolf, this analysis reveals significant unauthorized access to these critical devices. The attackers were able to log in as administrators, create new accounts, authenticate through SSL…
On Thursday, the Russian government issued an alert regarding ongoing cyber attacks aimed at critical infrastructure within the country, coinciding with the intensification of its military actions in Ukraine. This development marks a notable increase in cybersecurity threats that could affect a variety of sectors, prompting deeper concerns among business…
New Malware Exposed as Iranian APT Group Targets Global Networks Cybersecurity agencies from the United States and the United Kingdom have revealed new malware attributed to the Iranian government-sponsored advanced persistent threat (APT) group known as MuddyWater. This malware is reported to facilitate attacks against both government and commercial networks…
Generative AI is poised to empower individuals to perpetrate advanced phishing attacks, which will only be thwarted by next-generation multi-factor authentication devices. In 2023, ransomware incidents soared to unprecedented levels, resulting in record-breaking damages. Weekly headlines highlighted high-profile organizations such as MGM, Johnson Controls, Clorox, Hanes Brands, and Caesars Palace,…
