Security & IT News

Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk social engineering turns a seemingly legitimate reset request into full account compromise. [...]

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. [...]

Imagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerability before it gets attacked is shrinking to zero. We call this the Collapsing Exploit Window, and it means your

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. /strong /p p The following versions of Carlson Software VASCO-B GNSS Receiver are affected: /p ul li VASCO-B GNSS Receiver lt;1.4.0 (CVE-2026-3893) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.4 /td td Carlson Software /td td Carlson Software VASCO-B GNSS Receiver /td td Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-3893 /a /h3 div class="csaf-accordion-content" p The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-3893" View CVE Details /a /p hr h4 Affected Products /h4 h5 Carlson Software VASCO-B GNSS Receiver /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Carlson Software /div div class="ics-version" strong Product Version: /strong br Carlson Software VASCO-B GNSS Receiver: lt;1.4.0 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Carlson Software recommends users update to Version 1.4.0 or greater. For more information contact Carlson Software https://www.carlsonsw.com/support-and-training/ br a href="https://www.carlsonsw.com/support-and-training/" https://www.carlsonsw.com/support-and-training/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/306.html" CWE-306 Missing Authentication for Critical Function /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr /thead tbody tr td 3.1 /td td 9.4 /td td CRITICAL /

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-05.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. /strong /p p The following versions of Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera are affected: /p ul li IP Camera XM530V200_X6-WEQ_8M firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 (CVE-2025-65856) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Hangzhou Xiongmai Technology Co., Ltd /td td Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera /td td Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Commercial Facilities /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong China /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-65856 /a /h3 div class="csaf-accordion-content" p Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-65856" View CVE Details /a /p hr h4 Affected Products /h4 h5 Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Hangzhou Xiongmai Technology Co., Ltd /div div class="ics-version" strong Product Version: /strong br Hangzhou Xiongmai Technology Co., Ltd IP Camera XM530V200_X6-WEQ_8M firmware: V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Hangzhou Xiongmai Technology Co., Ltd has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of XM530 IP cameras are invited to contact Xiongmai Technology customer support for additional information (https://www.xiongmaitech.com/en/index.php/about/contact/42). br a href="https://www.xiongmaitech.com/en/index.php/about/contact/42" https://www.xiongmaitech.com/en/index.php/about/contact/42 /a /p /div p stro

h2 strong Malware Analysis Report at a Glance /strong /h2 table tbody tr th Malware Name /th td FIRESTARTER /td /tr tr th Original Publication /th td April 23, 2026 /td /tr tr th Executive Summary /th td p The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation. CISA and the United Kingdom National Cyber Security Centre (NCSC) assess advanced persistent threat (APT) actors are using FIRESTARTER malware for persistence, specifically targeting publicly accessible Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. CISA and the NCSC are releasing this Malware Analysis Report to share analysis of one FIRESTARTER malware sample operating as a backdoor and urge organizations to take key response actions. /p p strong Note: /strong The release of this Malware Analysis Report aligns with CISA’s update to a href="https://www.cisa.gov/news-events/directives/v1-ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices" V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices /a and a href="https://www.cisa.gov/news-events/directives/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions" Supplemental Direction ED 25-03: Core Dump and Hunt Instructions /a . The malware outlined in this report is relevant for both Cisco Firepower and Secure Firewall devices; however, CISA has only observed a successful implant of the malware in the wild on a Cisco Firepower device running ASA software. /p /td /tr tr th Key Actions for U.S. FCEB Agencies /th td ul li strong Collect and submit core dumps /strong to CISA’s Malware Next Generation platform. /li li strong Immediately report the submission /strong via CISA’s 24/7 Operations Center; CISA will reach out with next steps. /li li strong Take no additional action until CISA provides further guidance. /strong /li /ul /td /tr tr th Key Actions for All Other Organizations /th td ul li strong Use the YARA rules /strong to detect FIRESTARTER malware against either a disk image or core dump of a device. /li li strong Report any findings to CISA or the NCSC. /strong /li li strong If compromise is confirmed /strong , conduct incident response actions. /li /ul /td /tr tr th Intended Audience /th td p strong Organizations: /strong Government and critical infrastructure organizations ( strong Note: /strong While this publication supplements CISA ED 25-03, the guidance is applicable to all organizations, including U.K. organizations.) /p p strong Sector /strong : Government Services and Facilities Sector /p p strong Roles: /strong a href="https://niccs.cisa.gov/tools/nice-framework/work-role/digital-forensics" target="_blank" title="Digital forensics analysts" Digital forensics analysts /a , a href="https://niccs.cisa.gov/tools/nice-framework/work-role/incident-response" target="_blank" title="incident responders" incid

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. /strong /p p The following versions of Yadea T5 Electric Bicycle are affected: /p ul li T5 Electric Bicycle vers:all/* (CVE-2025-70994) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.3 /td td Yadea /td td Yadea T5 Electric Bicycle /td td Weak Authentication /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong China /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-70994 /a /h3 div class="csaf-accordion-content" p Yadea T5 Electric Bicycles have a weak authentication mechanism which is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmissions. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-70994" View CVE Details /a /p hr h4 Affected Products /h4 h5 Yadea T5 Electric Bicycle /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Yadea /div div class="ics-version" strong Product Version: /strong br Yadea T5 Electric Bicycle: vers:all/* /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Yadea did not respond to CISA's attempts at coordination. Users of Yadea T5 Electric Bicycles are encouraged to keep their systems up to date and lock their property securely with external mechanisms. Users can contact Yadea at https://yadea.com/contact-us. br a href="https://yadea.com/contact-us" https://yadea.com/contact-us /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/1390.html" CWE-1390 Weak Authentication /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr /thead tbody tr td 3.1 /td td 7.3 /td td HIGH /td td a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" CVSS:3.

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. /strong /p p The following versions of Milesight Cameras are affected: /p ul li MS-Cxx63-PD lt;=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx64-xPD lt;=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx73-xPD lt;=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx75-xxPD lt;=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx83-xPD lt;=51.7.0.77-r12 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx74-PA lt;=3x.8.0.3-r11 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-C8477-HPG1 lt;=63.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-C8477-PC lt;=48.8.0.4-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-C5321-FPE lt;=62.8.0.4-r5 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx72-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx62-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx52-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx66-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx66-xxxGPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx61-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx67-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx71-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx41-xxxPE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx76-PE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx65-PE lt;=61.8.0.5-r2 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx66-xxxG1 lt;=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx62-xxxG1 lt;=63.8.0.5-r3 (CVE-2026-28747, CVE-2026-27785, CVE-2026-32644, CVE-2026-32649, CVE-2026-20766) /li li MS-Cxx72-xxxG1 lt;=63.8.0.5-r3 (CVE-2026

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-06.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files. /strong /p p The following versions of Intrado 911 Emergency Gateway (EGW) are affected: /p ul li Emergency Gateway 7.x (CVE-2026-6074) /li li Emergency Gateway 6.x (CVE-2026-6074) /li li Emergency Gateway 5.x (CVE-2026-6074) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td Intrado /td td Intrado 911 Emergency Gateway (EGW) /td td Path Traversal: '.../...//' /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Emergency Services /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-6074 /a /h3 div class="csaf-accordion-content" p A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-6074" View CVE Details /a /p hr h4 Affected Products /h4 h5 Intrado 911 Emergency Gateway (EGW) /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Intrado /div div class="ics-version" strong Product Version: /strong br Intrado Emergency Gateway: 7.x, Intrado Emergency Gateway: 6.x, Intrado Emergency Gateway: 5.x /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Intrado developed and released a software update on March 2nd, 2026, that addresses this issue and has contacted customers to coordinate applying the patch. /p p strong Mitigation /strong br If you have questions, contact Intrado E911 Support: [email protected] br a href="mailto:[email protected]" mailto:[email protected] /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/35.html" CWE-35 Path Traversal: '.../...//' /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role=

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-04.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. /strong /p p The following versions of SpiceJet Online Booking System are affected: /p ul li Online Booking System vers:all/* (CVE-2026-6375, CVE-2026-6376) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.5 /td td SpiceJet /td td SpiceJet Online Booking System /td td Authorization Bypass Through User-Controlled Key, Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong India /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-6375 /a /h3 div class="csaf-accordion-content" p A vulnerability in SpiceJet's booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw stems from missing authorization checks on an endpoint intended for authenticated profile access. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-6375" View CVE Details /a /p hr h4 Affected Products /h4 h5 SpiceJet Online Booking System /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br SpiceJet /div div class="ics-version" strong Product Version: /strong br SpiceJet Online Booking System: vers:all/* /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br SpiceJet did not respond to CISA's requests to coordinate. Users are encouraged to reach out to SpiceJet for more information: https://corporate.spicejet.com/contactus.aspx br a href="https://corporate.spicejet.com/contactus.aspx" https://corporate.spicejet.com/contactus.aspx /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/639.html" CWE-639 Authorization Bypass Through User-Controlled Key /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th

p CISA has added one new vulnerability to its a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" Known Exploited Vulnerabilities (KEV) Catalog /a , based on evidence of active exploitation. /p ul li a href="https://www.cve.org/CVERecord?id=CVE-2026-39987" CVE-2026-39987 /a Marimo Remote Code Execution Vulnerability /li /ul p This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. /p p a href="https://www.cisa.gov/binding-operational-directive-22-01" Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities /a established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf" BOD 22-01 Fact Sheet /a for more information. /p p Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" KEV Catalog vulnerabilities /a as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities" specified criteria /a . nbsp; /p

Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. "The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal," Slovakian cybersecurity company ESET said in a report shared with The Hacker

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. [...]

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec and Carbon Black Threat Hunter

The Spanish police have dismantled the largest Spanish-language manga piracy platform, operating since 2014, with millions of monthly users from around the globe. [...]

Fraud operations now operate like call centers, complete with hiring, training, and performance tracking. Flare reveals how cybercriminals manage "Caller-as-a-Service" operations like a professional sales team. [...]

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]

Microsoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. [...]