< ciso
brief />
Tag Banner

All news with #cisa kev tag

176 articles

CISA urges immediate patching of Fortinet FortiSandbox

πŸ›‘οΈ The US Cybersecurity and Infrastructure Security Agency (CISA) has added two critical FortiSandbox vulnerabilities, CVE-2026-39808 and CVE-2026-25089, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to apply patches by July 19. Both flaws are OS command injection bugs with CVSS scores of 9.1 and have documented in-the-wild exploitation. Fortinet released fixes in FortiSandbox versions 4.4.9 and 5.0.6; CISA advised discontinuing cloud services where mitigations are unavailable.
read more β†’

CISA Lists Exploited SharePoint RCE in KEV Catalog

πŸ”’ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644 (CVSS 9.8), to its Known Exploited Vulnerabilities catalog, requiring Federal agencies to patch by July 19, 2026. Microsoft confirmed the flaw enables remote code execution via deserialization of untrusted data and has been exploited in the wild; fixes were issued on Patch Tuesday, July 14, 2026. Affected versions include SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. CISA also warned of active exploitation of multiple SharePoint flaws and recommended hardening steps including applying updates, enabling AMSI, rotating IIS machine keys, limiting internet exposure, and tightening access controls.
read more β†’

Weekly roundup: emerging cyber threats and takedowns

πŸ›‘οΈ This week’s roundup highlights a wave of opportunistic attacks where familiar software and weak defaults are abused to escalate damage quickly. Reports include malicious NuGet packages that deliver spyware via game cheats, trojanized installers distributing sophisticated RATs, and a fast-spreading Rust ransomware incident that encrypted a network within 24 hours. Additional items cover actively exploited CVEs added to CISA’s KEV, guidance for coordinated vulnerability disclosure, large-scale fraud and money‑laundering disruptions in Europe, evasive Windows bind-link techniques, fake GitHub repos spreading an infostealer, and misuse of Chrome Sync for covert surveillance.
read more β†’

SonicWall SMA 1000 Zero‑Days Prompt Urgent Patches

πŸ›‘οΈ SonicWall warned of active exploitation of two zero‑day vulnerabilities affecting Secure Mobile Access (SMA) 1000 series appliances, including an SSRF that scores 10.0 and a post‑auth code injection allowing command execution. Patches are available in platform hotfix builds 12.4.3‑03453, 12.5.0‑02835 and later; customers are urged to apply fixes and perform forensic checks for specific IoCs. CISA added both flaws to its KEV catalog and set a July 17, 2026 deadline for federal agencies.
read more β†’

CISA warns of exploited RCE in Joomla extensions

πŸ”’ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are actively exploiting arbitrary file upload vulnerabilities in the iCagenda and Balbooa Forms Joomla extensions to achieve remote code execution. The agency designated these flaws as maximum priority and ordered federal agencies to apply updates or mitigations within three days. Vendors released fixes in iCagenda 4.0.8/3.9.15 and Balbooa Forms 2.4.1 after automated and zero-day exploitation was observed. Administrators should check installations and apply the available patches immediately.
read more β†’

CISA directs federal patch for ColdFusion zero-day

πŸ”’ The U.S. Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch an actively exploited, maximum-severity vulnerability in Adobe ColdFusion (CVE-2026-48282) by Friday. Adobe published fixes for affected ColdFusion versions last week and urged administrators to install updates immediately. The flaw enables unauthenticated remote code execution in low-complexity attacks and has been observed in the wild soon after disclosure. CISA added the issue to its KEV catalog and invoked BOD 26-04 to enforce remediation timelines for FCEB agencies.
read more β†’

CISA Adds Four Newly Exploited Vulnerabilities

πŸ›‘οΈ The US Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities catalog, citing active exploitation. The flaws include critical Adobe ColdFusion path traversal (CVE-2026-48282), Joomlack Page Builder improper access control (CVE-2026-56290), Langflow authorization bypass (CVE-2026-55255), and JoomShaper SP Page Builder unrestricted file upload (CVE-2026-48908). Exploitation observed ranged from immediate post-disclosure attacks to targeted campaigns stealing credentials and deploying web shells. Agencies are urged to apply patches by July 10, 2026.
read more β†’

CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog

πŸ”’ CISA has added a high-severity SharePoint Server vulnerability, CVE-2026-45659 (CVSS 8.8), to its Known Exploited Vulnerabilities catalog following evidence of active exploitation. Microsoft patched the deserialization-based remote code execution flaw in May 2026 for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The issue can be triggered by any authenticated attacker with as little as Site Member permissions and does not require elevated privileges. Federal agencies are advised to apply updates by July 4, 2026, while Microsoft assesses public exploitation as "Exploitation Less Likely."
read more β†’

Critical SimpleHelp RMM authentication bypass exploited

πŸ”’ A critical authentication bypass in SimpleHelp's RMM software was exploited to forge a technician login token and deliver two previously unseen malware families. Researchers at Blackpoint Cyber found the flaw (CVE-2026-48558) allowed unauthenticated token forgery by skipping cryptographic signature checks in OpenID Connect. Attackers abused built-in file transfer and remote execution to deploy a Node.js loader named TaskWeaver and a cross-platform stealer called Djinn Stealer. The vulnerability received a CVSS score of 10 and was patched in late May; CISA added it to KEV on June 29.
read more β†’

CISA: BlueHammer bug now exploited by ransomware

πŸ›‘οΈ CISA confirms ransomware actors are exploiting the high-severity Microsoft Defender privilege escalation flaw dubbed BlueHammer (CVE-2026-33825). The bug was leaked with proof-of-concept code by researcher "Nightmare Eclipse" in April and later patched by Microsoft on April 14. CISA added the flaw to its KEV Catalog and ordered federal agencies to patch, and has now flagged it as used in ransomware campaigns.
read more β†’

Critical PTC Windchill PLM Flaw Under Active Exploitation

πŸ›‘οΈ Hackers are exploiting a critical unsafe deserialization vulnerability in PTC Windchill and FlexPLM that enables remote code execution. The flaw, tracked as CVE-2026-12569 and scored 9.3 CVSS, affects the Windchill PDMLink web component. PTC issued mitigations and patches on June 17–19 and provided indicators of compromise after reports of web shell deployment. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.
read more β†’

CISA orders urgent patches for exploited Cisco and PLM flaws

πŸ”” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set a June 28 deadline under BOD 26-04 for federal agencies to patch a critical Cisco Unified Communications Manager Server SSRF vulnerability, CVE-2026-20230, which is being actively exploited. Cisco released a patch on June 3 and labeled the issue critical after a proof-of-concept existed; subsequent reports showed active attacks writing arbitrary files. CISA also added a critical RCE flaw, CVE-2026-12569, affecting PTC Windchill and FlexPLM products to its Known Exploited Vulnerabilities list, requiring immediate remediation.
read more β†’

CISA Adds PTC Windchill RCE to KEV Catalog

πŸ”’ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical RCE vulnerability affecting PTC Windchill PDMlink and PTC FlexPLM to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw, tracked as CVE-2026-12569 with a CVSS score of 9.3, allows arbitrary code execution via improper input validation and deserialization of untrusted data. Patches were released last week, but PTC warns of ongoing attacks deploying JSP web shells and published IoCs and mitigations.
read more β†’

CISA warns of critical Ubiquiti and Lantronix flaws

πŸ”’ CISA has added four high-severity vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Ubiquiti UniFi OS flaws and a Lantronix EDS5000 command injection. The agency's BOD 26-04 requires federal agencies to apply fixes or mitigations within three days. Vendors have released patches and detection guidance, and researchers provided proof-of-concept chaining and a detection script to help defenders identify affected devices.
read more β†’

CISA warns: Patch critical Splunk Enterprise flaw by Sunday

πŸ”’ The U.S. CISA has ordered federal agencies to patch a critical Splunk Enterprise vulnerability (CVE-2026-20253) by Sunday after evidence of active exploitation. The flaw impacts Splunk Enterprise versions 10.2.0–10.2.3 and 10.0.0–10.0.6 and allows unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar service endpoint. Splunk released patches and mitigation guidance, and Shadowserver has identified over 1,400 Internet-exposed Splunk instances that may be at risk.
read more β†’

CISA Adds One Vulnerability to KEV Catalog

πŸ”” CISA added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. The alert underscores that such vulnerabilities are frequent attack vectors and pose significant risks to the federal enterprise. BOD 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of high-risk KEV-listed CVEs on internet-exposed assets and to check for compromise before patching. CISA encourages all organizations to adopt risk-based vulnerability management and to submit candidate vulnerabilities via the KEV Nomination Form.
read more β†’

CISA flags critical JCE Joomla flaw exploited

πŸ”’ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a maximum-severity flaw in Widget Factory's Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities catalog, citing active exploitation. Tracked as CVE-2026-48907 (CVSS 10.0), the improper access control bug allows unauthenticated creation of editor profiles and potential PHP code upload and execution. The flaw affects JCE versions 1.0.0 through 2.9.99.4 and was patched in 2.9.99.5 on June 3, 2026; FCEB agencies must apply fixes by June 19, 2026.
read more β†’

CISA Adds One Vulnerability to KEV Catalog

πŸ”” CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirming evidence of active exploitation. This vulnerability type remains a common attack vector and presents significant risk to the federal enterprise. BOD 26-04 reinforces rapid remediation of KEV-listed CVEs for federal agencies and updates prior guidance. CISA encourages all organizations to adopt risk-based vulnerability management and may add further vulnerabilities that meet KEV criteria.
read more β†’

CISA warns: actively exploited LiteSpeed cPanel flaw

⚠️ CISA has ordered federal agencies to secure servers against an actively exploited LiteSpeed cPanel user-end plugin flaw (CVE-2026-48172 / CVE-2026-54420) that can allow privilege escalation to root on shared hosting with CloudLinux/CageFS. The vulnerability affects plugin versions prior to 2.4.8 and stems from a UNIX symlink following weakness; LiteSpeed released urgent updates and provided a command to check for compromises. Agencies must comply with BOD 26-04 and remediate systems within three days per the Known Exploited Vulnerabilities Catalog.
read more β†’

CISA Adds LiteSpeed cPanel Plugin Flaw to KEV

πŸ›‘οΈ CISA added CVE-2026-54420 β€” a privilege escalation flaw in the LiteSpeed cPanel plugin β€” to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to remediate by June 18, 2026. The vulnerability (CVSS 8.5) allows a user with FTP or web shell access to escalate to root on shared hosting running CloudLinux/CageFS. LiteSpeed advised running a specific grep check in cPanel logs to detect exploitation and recommended upgrading to LiteSpeed WHM Plugin v5.3.2.1 (with cPanel plugin v2.4.8) or later. Namecheap reported the issue on May 31, 2026.
read more β†’