CISA KEV catalog – Threat Note

From Security Week – NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog

[[{"value":"NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them. The post NIST Puts Pre-2018 CVEs on Back Burner as It Works…

shaikh Saqib April 7, 2025

News

From Security Week – Questions Remain Over Attacks Causing DrayTek Router Reboots

[[{"value":"DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered. The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on…

shaikh Saqib April 2, 2025

News

From Cyber Security News – CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild. The flaw,…

shaikh Saqib April 1, 2025

News

From Security Week – Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia

[[{"value":"Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day…

shaikh Saqib March 28, 2025

News

From The Hacker News – Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

shaikh Saqib March 28, 2025

News

From Cyber Security News – CISA Adds Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the…

shaikh Saqib March 27, 2025

News

From Security Week – CISA Warns of Exploited Nakivo Vulnerability

[[{"value":"CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list. The post CISA Warns of Exploited Nakivo Vulnerability appeared first on…

shaikh Saqib March 20, 2025

News

From The Hacker News – CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

shaikh Saqib March 20, 2025

News

From Cyber Security News – CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data

The Cybersecurity and Infrastructure Security Agency (CISA) escalated its cybersecurity alert, by adding six critical Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, with four directly impacting the…

shaikh Saqib March 12, 2025

News

From Security Week – CISA Warns of Ivanti EPM Vulnerability Exploitation

[[{"value":"CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek."}]] Read More

shaikh Saqib March 11, 2025

News

From Security Week – Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

[[{"value":"Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days. The post Exploited VMware ESXi Flaws Put Many at…

shaikh Saqib March 6, 2025

News

From Cyber Security News – 41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks

Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks. Broadcom patched the vulnerability in…

shaikh Saqib March 6, 2025

News

From Security Week – Exploitation Long Known for Most of CISA’s Latest KEV Additions

[[{"value":"Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog. The post Exploitation Long Known for Most of CISA’s…

shaikh Saqib March 4, 2025

News

From The Hacker News – Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-20118 (CVSS score: 6.5) - A command injection

shaikh Saqib March 4, 2025

News

From Security Week – Black Basta Leak Offers Glimpse Into Group’s Inner Workings

[[{"value":"A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022. The post Black Basta Leak Offers Glimpse Into Group’s Inner…

shaikh Saqib March 3, 2025