CISA
-
US watchdog cites NIST for mismanaging vulnerability database, duplicate work
A Commerce inspector general report said NIST mismanaged the National Vulnerability Database, leaving a backlog of more than 27,000 unprocessed flaws and duplicating work with CISA. The agency agreed to fix six problems.
-
CISA adds exploited Langflow and Trend Micro flaws to vulnerability catalog
CISA added exploited flaws in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog on Thursday, citing active attacks. Federal civilian agencies must patch the issues by June 4, 2026.
-
CISA left GitHub repo with passwords and keys exposed for six months
CISA left a public GitHub repository exposed for six months, revealing passwords, keys and tokens in production infrastructure files. GitGuardian found the leak on May 14 and the agency removed the repo the next day.
-
Ivanti says EPMM flaw exploited in limited attacks, CISA adds it to watchlist
Ivanti said a high-severity flaw in its Endpoint Manager Mobile software has been used in limited attacks and can allow remote code execution on affected on-premises systems. CISA added the issue to its exploited vulnerability catalog.
-
Microsoft warns of exploited zero-click Windows flaw exposing sensitive data
Microsoft and CISA said attackers are exploiting CVE-2026-32202, a zero-click Windows flaw that can expose sensitive information. The issue stems from an incomplete fix for an earlier vulnerability linked to Russian espionage activity.
-
CISA adds eight exploited flaws to KEV catalog, including Cisco SD-WAN bugs
CISA added eight exploited vulnerabilities to its catalog, including three Cisco Catalyst SD-WAN Manager flaws. The list spans enterprise software from PaperCut and TeamCity to Quest KACE and Zimbra, with federal agencies given patch deadlines.
-
CISA adds Apache ActiveMQ flaw CVE-2026-34197 to exploited list
CISA says a high-severity Apache ActiveMQ Classic flaw, CVE-2026-34197, is being exploited in the wild. The agency added it to its Known Exploited Vulnerabilities catalog and ordered federal fixes by April 30.
-
CISA adds six exploited flaws to Known Exploited Vulnerabilities catalog
CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, including flaws in Fortinet, Adobe and Microsoft products. Federal agencies face April 27, 2026 deadlines for most fixes.
-
US agencies warn of Iranian-linked attacks on internet-facing PLCs
US agencies warned that Iran-linked hackers are targeting internet-facing PLCs in critical infrastructure, including water and energy systems, and have caused display manipulation, device disruption and financial loss in some cases.
-
CISA adds Wing FTP information disclosure flaw CVE-2025-47813 to KEV catalog
CISA added CVE-2025-47813, an information disclosure in Wing FTP Server, to its Known Exploited Vulnerabilities catalog. The bug affects versions up to 7.4.3 and was fixed in 7.4.4. Agencies should apply fixes by March 30, 2026.
