CISA
-
CISA Adds Critical CVE-2025-5086 in DELMIA Apriso to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-5086, a critical remote-code-execution flaw in DELMIA Apriso, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged, prompting urgent patching across affected deployments.
-
N-able N-central: More Than 800 On-Premises Servers Remain Unpatched as Two Critical Flaws See Active Exploitation
More than 800 N-able N-central servers remain unpatched against two critical, actively exploited flaws (CVE-2025-8875 and CVE-2025-8876), prompting federal and private-sector action as researchers warn that thousands of instances remain exposed online. Patch guidance and regulatory responses are being rolled out as investigations continue into the scope of exploitation.
-
Over 29,000 Microsoft Exchange Servers Remain Vulnerable to Severe Exploit
Over 29,000 Microsoft Exchange servers remain unpatched against a critical security flaw, CVE-2025-53786, which allows attackers to escalate privileges and potentially compromise entire domains. This vulnerability has prompted emergency directives from U.S. federal agencies to enforce patching.
-
CISA and Microsoft Alert on High-Severity Vulnerability in Exchange Servers
Federal agencies are alerted to a significant vulnerability in Microsoft Exchange servers. An emergency directive from CISA requires immediate actions to mitigate risks following insights revealed at the Black Hat conference, highlighting the potential for exploitation by attackers.
-
CISA Adds D-Link Wi-Fi Camera Vulnerabilities to Known Exploited Catalog Amid Active Threats
CISA has added three vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its KEV catalog amid warnings of active exploitation. Users are urged to take action as fixes for some issues have already been released.
-
North Korea’s Lazarus Group Shifts Tactics; Canadian City Faces Major Security Costs
North Korea’s Lazarus Group has reportedly transitioned to tactics involving the distribution of malware-laden open-source software, raising concerns over cybersecurity. Meanwhile, the city of Hamilton has incurred major costs due to a significant ransomware attack amid a slow rollout of security measures, while ethical hackers eye substantial rewards in the upcoming Pwn2Own competition. Additionally, CISA…
-
Critical Infrastructure Monitoring Program Halted Due to Lapsed Funding
The expiration of government funding for the CyberSentry Program has raised alarms over cybersecurity vulnerabilities in U.S. critical infrastructure. Program director Nate Gleason highlighted concerns about halted monitoring and an evolving threat landscape during a congressional hearing, as calls for renewed funding grow amidst fears of potential cyberattacks.
-
CISA and FBI Warn of Rising Interlock Ransomware Threats Targeting Businesses
CISA and the FBI have alerted businesses about a significant increase in Interlock ransomware attacks, which primarily target the healthcare sector. The advisory includes strategies for network defense against these sophisticated double extortion threats.
-
TeleMessage SGNL Exposes Sensitive Data Due to Endpoint Misconfiguration
TeleMessage SGNL, a messaging application used by U.S. agencies, has been found exposing sensitive data due to outdated configurations. Cybersecurity experts are urging immediate action to address the vulnerabilities.
-
Major Security Flaw in Train Brake Systems Exposes US Rail Network to Risks
A critical security vulnerability in the US freight rail system, reported by researcher Neil Smith, has raised alarms about the potential for malicious actors to control train braking systems remotely, with no immediate solution in sight.
