-
CISA orders feds to patch MongoBleed flaw exploited in attacks
CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data.
- December 30, 2025
- 09:40 AM
0
-
CISA orders feds to patch actively exploited Geoserver flaw
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks.
- December 12, 2025
- 04:48 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
MITRE shares 2025's top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025.
- December 12, 2025
- 03:43 AM
- 0
-
CISA warns of Chinese "BrickStorm" malware attacks on VMware servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware.
- December 04, 2025
- 01:19 PM
- 0
-
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day.
- November 21, 2025
- 06:50 PM
- 0
-
CISA gives govt agencies 7 days to patch new Fortinet flaw
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks.
- November 19, 2025
- 08:44 AM
- 0
-
CISA warns feds to fully patch actively exploited Cisco flaws
CISA warned federal agencies to fully patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
- November 13, 2025
- 07:05 AM
- 0
-
CISA warns of WatchGuard firewall flaw exploited in attacks
CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices.
- November 13, 2025
- 05:03 AM
- 0
-
CISA orders feds to patch Samsung zero-day used in spyware attacks
CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp.
- November 10, 2025
- 03:00 PM
- 0
-
CISA warns of critical CentOS Web Panel bug exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP).
- November 05, 2025
- 01:26 PM
- 0
-
CISA: High-severity Linux flaw now exploited by ransomware gangs
CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks.
- October 31, 2025
- 09:05 AM
- 4
-
CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers
CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024.
- October 30, 2025
- 04:01 PM
- 0
-
CISA and NSA share tips on securing Microsoft Exchange servers
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks.
- October 30, 2025
- 12:11 PM
- 0
-
CISA warns of two more actively exploited Dassault vulnerabilities
The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution.
- October 28, 2025
- 02:59 PM
- 0
-
CISA orders feds to patch Windows Server WSUS flaw used in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks.
- October 27, 2025
- 09:27 AM
- 0
-
CISA warns of Lanscope Endpoint Manager flaw exploited in attacks
The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Landscope Endpoint Manager.
- October 23, 2025
- 12:24 PM
- 0
-
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog.
- October 21, 2025
- 03:15 PM
- 0
-
CISA: High-severity Windows SMB flaw now exploited in attacks
CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems.
- October 20, 2025
- 01:18 PM
- 0
-
CISA: Maximum-severity Adobe flaw now exploited in attacks
CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems.
- October 16, 2025
- 10:28 AM
- 0
-
How To Simplify CISA's Zero Trust Roadmap with Modern Microsegmentation
CISA says microsegmentation isn't optional—it's foundational to Zero Trust. But legacy methods make it slow & complex. Learn from Zero Networks how modern, automated, agentless approaches make containment practical for every org.
- October 01, 2025
- 10:02 AM
- 0
0
