Tag: exploited vulnerabilities
12 articles

CISA Warns of Actively Exploited Fortinet Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

CISA Warns of Actively Exploited SharePoint Flaws
Don't let your SharePoint servers become an easy target: over 800 Internet-exposed servers remain unpatched against actively exploited vulnerabilities, including CVE-2026-32201 and CVE-2026-45659. Act now to protect your systems from potential attacks.

CISA Mandates Urgent Patching for Exploited Cisco Flaw
Don't wait until it's too late: Cisco has issued a critical patch for a vulnerability (CVE-2026-20230) in its Unified Communications Manager Server, and the US Cybersecurity and Infrastructure Security Agency (CISA) is requiring urgent remediation by June 28. Act now to protect your system from potential remote exploitation.

CISA Mandates Patching of Joomla Plugin Flaw by Friday
Don't wait until it's too late - CISA is requiring Federal agencies to patch a critical Joomla plugin flaw by Friday, as hackers can exploit it to upload and execute malicious PHP code. The vulnerability, found in the Widget Factory Joomla Content Editor, allows unauthenticated users to create new editor profiles and poses significant risks to your online security.

CISA Warns of LiteSpeed cPanel Plugin Flaw Exploited for Root Access
A critical vulnerability in the LiteSpeed cPanel Plugin, known as CVE-2026-54420, has been flagged by CISA for its high risk of exploitation, with a CVSS score of 8.5, and federal agencies have until June 18, 2026, to apply the necessary fix. This flaw allows for privilege escalation and has been added to the Known Exploited Vulnerabilities catalog, requiring swift action to prevent potential root access attacks.

CISA Flags Oracle WebLogic Flaw as Actively Exploited
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a high-severity Oracle WebLogic flaw, CVE-2024-21182, as actively exploited, prompting federal agencies to apply fixes by June 4, 2026. This critical vulnerability, rated 7.5 by CVSS, was added to CISA's Known Exploited Vulnerabilities Catalog after evidence of active exploitation was confirmed.

CISA Flags Four Exploited Vulnerabilities, Sets Federal Patch Deadline
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged four actively exploited vulnerabilities, urging Federal Civilian Executive Branch (FCEB) agencies to patch or discontinue use of affected systems by May 8, 2026. These critical flaws, detailed in CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant threat to cybersecurity and must be addressed promptly.

CISA Catalog Adds 8 Exploited Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) just beefed up its catalog of actively exploited software flaws by adding eight new entries, including three Cisco vulnerabilities and a high-severity PaperCut flaw. Federal agencies now have until April and May 2026 to mitigate these risks.

Leaked Windows Zero-Days Exploited in Targeted Attacks
Cyber attackers are exploiting newly disclosed Windows flaws in targeted attacks, allowing them to gain alarming levels of system control before organizations can patch the vulnerabilities. This alarming window of opportunity leaves defenders scrambling to respond.

NIST Shifts Focus to Enriching Exploited Vulnerabilities
The National Vulnerability Database is shifting gears: going forward, it'll prioritize enriching newly reported and actively exploited vulnerabilities, temporarily deprioritizing older entries. This change comes as the database faces an unprecedented surge in reported software flaws, with a record number of Common Vulnerabilities and Exposures (CVEs) submitted.

CISA Warns of Active Attacks on Decade-Old Excel Vulnerability
A 17-year-old Microsoft Excel vulnerability has become a pressing public safety concern after the US cybersecurity agency CISA added it to its exploited-vulnerabilities list, warning of active attacks. This outdated flaw is now being actively exploited, making it crucial to patch immediately.

Microsoft Discloses Actively Exploited Zero-Day Flaw in SharePoint
Microsoft just revealed a critical vulnerability in SharePoint that's being actively exploited by attackers, allowing them to access and modify sensitive information. Patch now to protect your organization from potential breaches.