25 Apr, 2026

CISA and FBI warn of escalating Interlock ransomware attacks

CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. Today’s advisory was jointly authored with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) and it provides network defenders with indicators of compromise (IOCs) collected […]


CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. Such a short deadline for installing the patches is unprecedented since CISA released the Known Exploited Vulnerabilities (KEV) catalog, showing the severity of […]


U.S. warns of Iranian cyber threats on critical infrastructure

U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. CISA says there are no indications of an ongoing campaign but urges critical infrastructure organizations and other potential targets to monitor their defenses due to the current unrest in the Middle East and cyber […]


CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA has confirmed that a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks. The MegaRAC BMC firmware provides remote system management capabilities for troubleshooting servers without being physically present, and it’s used by several vendors (including HPE, Asus, and ASRock) that supply equipment to cloud service […]


CISA warns of attackers exploiting Linux flaw with PoC exploit

CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel’s OverlayFS subsystem that allows them to gain root privileges. This local privilege escalation security flaw (CVE-2023-0386) is caused by a Linux kernel improper ownership management weakness and was patched in January 2023 and publicly disclosed two months later. Multiple proof-of-concept (PoC) exploits […]


CISA warns of ConnectWise ScreenConnect bug exploited in attacks

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. The agency is warning that four other security problems affecting ASUS routers and the Craft content management system (CMS) are also actively exploited. Improper authentication in ConnectWise ScreenConnect On […]


CISA tags recently patched Chrome bug as actively exploited

On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday. As Kokorin explained, the vulnerability is due to insufficient policy enforcement […]


CISA warns of hackers targeting critical oil infrastructure

CISA warned critical infrastructure organizations of “unsophisticated” threat actors actively targeting the U.S. oil and natural gas sectors. While these attacks use very basic tactics to compromise their targets’ industrial control systems (ICS) and operational technology (OT) equipment, CISA also cautioned that they could still lead to significant impact, including physical damage and disruptions. “CISA is increasingly aware of unsophisticated […]


Critical Langflow RCE flaw exploited to hack AI app servers

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable […]


CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of vulnerabilities in Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients that are actively exploited in attacks. The flaws were added yesterday to CISA’s ‘Known Exploited Vulnerabilities’ (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited. […]