< ciso
brief />
Tag Banner

All news with #cisa kev tag

176 articles · page 2 of 9

CISA Adds Two Vulnerabilities to KEV Catalog

🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. The agency emphasizes these flaws are common attack vectors that present substantial risk to the federal enterprise. BOD 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of high-risk CVEs in the KEV catalog and to assess potential compromise before patching. CISA urges all organizations to adopt risk-based vulnerability management and to submit suspected exploited flaws via the KEV Nomination Form.
read more →

CISA Adds One Vulnerability to KEV Catalog

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirmed active exploitation. The agency emphasizes that such flaws are common attack vectors posing significant risk to the federal enterprise and urges rapid remediation. Binding Operational Directive 26-04 requires FCEB agencies to prioritize fixes for KEV-listed CVEs on internet-exposed assets and to check for compromise prior to patching. CISA encourages all organizations to adopt risk-based vulnerability management and submit potential KEV candidates via the KEV Nomination Form.
read more →

CISA orders three-day patch for Ivanti Sentry flaw

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited Ivanti Sentry flaw (CVE-2026-10520) within three days under Binding Operational Directive BOD 26-04. The vulnerability, an OS command injection in Ivanti's security gateway appliance, has been confirmed exploited and added to CISA's Known Exploited Vulnerabilities Catalog. Shadowserver reports multiple Sentry gateways have already been backdoored and warns unpatched systems are likely compromised.
read more →

CISA mandates rapid remediation of critical federal flaws

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 26-04 to require Federal Civilian Executive Branch agencies to prioritize and accelerate patching of high-risk vulnerabilities. The directive sets remediation timelines based on asset exposure, presence in CISA's Known Exploited Vulnerabilities (KEV) catalog, exploit automation risk, and potential for system control, with the shortest deadline as three days. It supersedes previous BODs and applies to on-premises, third-party hosted, and cloud environments, excluding certain military, intelligence, and contractor systems.
read more →

CISA Adds One Vulnerability to KEV Catalog

🔔 CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. The advisory reiterates that such vulnerabilities are frequent attack vectors and pose significant risks to the federal enterprise. It references BOD 26-04, which requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of high-risk CVEs listed in the KEV catalog and to assess for compromise prior to patching. CISA urges all organizations to adopt risk-based vulnerability management and offers a KEV Nomination Form for reporting exploited vulnerabilities.
read more →

CISA Directive Pushes Risk-Based, Contextual Patching

🔒 CISA issued Binding Operational Directive 26-04 to prioritize vulnerabilities by contextual risk rather than CVSS alone. The directive uses four factors — internet exposure, KEV listing, exploit automation, and post-exploitation impact — to set dynamic remediation timelines, including a three-day requirement for the highest-risk cases. The guidance aims to help agencies focus scarce resources on flaws most likely to be exploited amid faster discovery driven by AI.
read more →

CISA Adds Cisco, Chrome and Arista Flaws to KEV

🔒 CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. The flaws include an authenticated command injection in Cisco Catalyst SD-WAN Manager (CVE-2026-20245), a V8 out-of-bounds read/write in Google Chrome (CVE-2026-11645), and a tunnel decapsulation issue in Arista EOS (CVE-2026-7473). Agencies must remediate or mitigate these issues by June 23, 2026.
read more →

CISA orders patch for Check Point VPN zero-day

🔒 CISA has directed U.S. federal agencies to patch a critical Check Point Remote Access VPN and Mobile Access vulnerability (CVE-2026-50751) that has been exploited in active attacks since May 7. The flaw allows unauthenticated remote attackers to bypass authentication on systems using the deprecated IKEv1 key exchange and legacy remote access clients. Check Point released updates and provided mitigations for organizations that cannot immediately patch, while CISA added the issue to its KEV Catalog and set a June 11 compliance deadline for federal agencies.
read more →

CISA Adds Actively Exploited SolarWinds Flaw

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity DoS vulnerability in SolarWinds Serv-U (CVE-2026-28318, CVSS 7.5) to its Known Exploited Vulnerabilities catalog, citing active exploitation. The bug causes uncontrolled resource consumption and crashes the Serv-U service via specially crafted POST requests using Content-Encoding: deflate. SolarWinds released a fix in Serv-U version 15.5.4 HF1 and recommends limiting access and blocking requests with content-encoding as mitigations. Federal agencies must remediate by June 19, 2026.
read more →

CISA warns of active exploitation of Serv‑U DoS flaw

⚠️ CISA warns that threat actors are actively exploiting a recently patched high-severity SolarWinds Serv-U flaw (CVE-2026-28318) that allows unauthenticated attackers to crash Serv-U file-transfer services via specially crafted POST requests using Content-Encoding: deflate. SolarWinds issued Serv-U 15.5.4 Hotfix 1 to address an uncontrolled resource consumption weakness and advised mitigation steps for admins who cannot immediately patch. Shodan and Shadowserver show thousands of Serv-U instances exposed online, prompting CISA to add the flaw to its Known Exploited Vulnerabilities Catalog and require federal agencies to remediate by June 19 under BOD 22-01.
read more →

CISA alerts on active Android and Linux kernel exploits

🔒 CISA warns that threat actors are actively exploiting high-severity vulnerabilities in the Android Framework and the Linux kernel, now added to its Known Exploited Vulnerabilities catalog. Google confirms CVE-2025-48595 affects Android 14–16 and may be under limited targeted exploitation, addressed by June 2026 patches. The kernel flaw CVE-2022-0492 impacts multiple branches and can enable container escapes via cgroups v1, with fixes available in specified kernel releases. Federal agencies must remediate or mitigate by the June 5 deadline under BOD 22-01.
read more →

Two-year-old Oracle WebLogic flaw now actively exploited

🔒 US federal agencies were ordered to patch a two-year-old high-severity Oracle WebLogic Server vulnerability, CVE-2024-21182, after its addition to CISA’s Known Exploited Vulnerabilities catalog. The flaw affects supported versions 12.2.1.4.0 and 14.1.1.0.0 and was patched by Oracle in the July 2024 CPU. Security experts note that inclusion in the KEV indicates active weaponization and highlight persistent slow patching across organizations as a key risk.
read more →

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Oracle WebLogic vulnerability, CVE-2024-21182 (CVSS 7.5), to its Known Exploited Vulnerabilities Catalog after evidence of active exploitation. The flaw permits unauthenticated network attackers to compromise servers via T3 and IIOP protocols and was patched by Oracle in July 2024. Federal agencies are urged to apply fixes by June 4, 2026, to protect critical data and systems.
read more →

CISA orders federal patch for WebLogic zero-day

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch an actively exploited Oracle WebLogic vulnerability, CVE-2024-21182, by June 4 under BOD 22-01. The flaw affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 and enables unauthenticated remote compromise via T3/IIOP. Shodan reports over 1,592 exposed and vulnerable WebLogic instances, and CISA urges all organizations to apply vendor mitigations or discontinue use if fixes are unavailable.
read more →

Palo Alto fixes auth-bypass in GlobalProtect VPN

🔒 Palo Alto Networks patched CVE-2026-0257, an authentication bypass on the GlobalProtect portal and gateway, after attackers began exploiting the flaw. Initially rated medium, the issue was raised to high severity following multiple exploitation attempts on unpatched PAN-OS devices. Rapid7 observed forged-cookie probes and VPN IP assignment to internal networks, prompting urgent patching guidance. CISA added the vulnerability to its KEV Catalog and federal agencies must remediate by June 1.
read more →

CISA orders rapid patch for exploited cPanel plugin

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical, actively exploited privilege escalation flaw in the LiteSpeed cPanel user-end plugin, tracked as CVE-2026-48172. LiteSpeed released urgent updates to fix the issue in the lsws.redisAble function and advised administrators to check logs and block suspicious IPs. CISA added the flaw to its known exploited vulnerabilities catalog and required patches by May 29 under BOD 22-01.
read more →

CISA orders federal patching for exploited Drupal flaw

🛡️ CISA has mandated U.S. federal agencies to patch an actively exploited SQL injection vulnerability in the Drupal CMS (CVE-2026-9082) by the specified deadline. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows unauthenticated SQL injection against PostgreSQL-backed sites. The Drupal team labelled the bug highly critical and released fixes after observing exploitation in the wild; Shadowserver reports nearly 670 exposed installations. CISA added the issue to its KEV Catalog and urged all organizations to apply vendor mitigations immediately.
read more →

Vulnerabilities Surpass Credentials as Top Breach Entry

🔍 Verizon’s 2025 DBIR finds exploited vulnerabilities were the initial cause in 31% of breaches, overtaking credential abuse at 13%. The report highlights slower remediation: only 26% of critical CISA KEVs were fully fixed, with median patch time rising to 43 days. Analysts warn AI-driven exploit development, sprawling supply chains, and growing vulnerability volumes are worsening the threat landscape, urging risk-based continuous patching and stronger identity controls.
read more →

CISA Adds Drupal SQL Injection to KEV Catalog

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection flaw in Drupal Core (CVE-2026-9082, CVSS 6.5) to its Known Exploited Vulnerabilities list after evidence of active exploitation. The vulnerability affects all supported Drupal Core versions and could enable privilege escalation and remote code execution via crafted requests using the database abstraction API. Patches were released across multiple 8.x–11.x branches, with manual patches required for Drupal 9.5 and 8.9.
read more →

Verizon DBIR: Exploitation Replaces Credential Abuse

🔍 Verizon's latest DBIR reports that vulnerability exploitation has become the top initial access vector, accounting for 31% of breaches compared with 13% for credential abuse. The study links this shift to slower patching—only 26% of CISA KEV critical flaws were fully remediated—and a larger backlog of critical vulnerabilities. It also warns that threat actors may be using AI to scale discovery and exploitation, and highlights rising supply-chain incidents, increased shadow AI adoption, and persistent human-factor risks.
read more →