News • Insights • Analysis
CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 Read More …
CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, Read More …
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they’re a mix of old and new. The goal of publishing these Read More …
WASHINGTON – DHS’s Transportation Security Administration (TSA) today announced two new Security Directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure. Read More …
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late Read More …
CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs Read More …
CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance Read More …
FORT MEADE, Md. – The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities by Russian military Read More …
Chinese-backed threat actors breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. Still, they failed to cause any data loss or gain access to systems controlling the transportation fleet. MTA mitigated the vulnerability Read More …
Multiple bills meant to secure critical infrastructure against cyber threats were approved by the House Homeland Security Committee on Tuesday afternoon, just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation. The committee Read More …
