CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA Adds One Known Exploited Vulnerability to Catalog - Citrix NetScaler Out-of-Bounds Read Vulnerability
www.cisa.gov/news-events/...

#Infosec #Security #Cybersecurity #CeptBiro #CISA #Vulnerability #Catalog #Citrix #NetScaler

Original post on crooksandliars.com

Former Acting ICE Director Blames Patel Hack On DHS Shutdown Never mind the reckless DOGE cuts last year and the damage they did to our national security, this hack wants us to believe that the par...

#CISA #Cybersecurity #and #Infrastructure #Security […]

[Original post on crooksandliars.com]

CISA Adds One Known Exploited Vulnerability to Catalog | CISA An official website of the United States government

CISAが既知の悪用された脆弱性を1件カタログに追加

CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 27)

CVE-2025-53521 F5 BIG-IPのリモートコード実行の脆弱性

www.cisa.gov/news-events/...

CISA: New Langflow flaw actively exploited to hijack AI workflows The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]

#CISA: New #Langflow flaw actively exploited to hijack #AI workflows

www.bleepingcomputer.com/news/security/cisa-new-l...

#cybersecurity

Original post on helpnetsecurity.com

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Mana...

#Don't #miss #Hot #stuff #News #access #management […]

[Original post on helpnetsecurity.com]

FRIDAY | 27 MARCH 2026 | Cyber Report

#CyberSecurity #InfoSec #CyberFM #TechNews #Linux #Oracle #Trivy #SupplyChainAttack #EthicalHacking #CISA #SysAdmin #Programming #DataBreach #WebLogic #STEM

Cyber Operations Expand as Iran Conflict Extends into Digital Warfare   Cyberattacks are increasingly being used alongside conventional military actions in the ongoing conflict involving Iran, with both state-linked actors and loosely organised hacker groups targeting systems in the United States and Israel. A recent incident involving Stryker illustrates the scale of this activity. On March 11, the company confirmed that a cyberattack had disrupted parts of its global network. Employees across several offices reportedly encountered login screens displaying the symbol of Handala, a group believed to have links to Iran. The attack affected systems within Microsoft’s environment, although the full extent of the disruption and the timeline for recovery remain unclear. Handala has claimed responsibility for the operation, stating that it exploited Microsoft’s cloud-based device management platform, Intune. According to data from SOCRadar, the group alleged it remotely wiped more than 200,000 devices across 79 countries. These claims have not been independently verified, and attempts have been made to seek confirmation from Microsoft. The group described the attack as retaliation for a missile strike in Minab, Iran, which reportedly killed more than 160 people at a girls’ school. This breach is part of a broader surge in cyber activity following Operation Epic Fury, with multiple pro-Iranian actors directing attacks against American and Israeli systems. State-linked groups target essential systems A cybersecurity assessment indicates that several groups associated with Iran’s Islamic Revolutionary Guard Corps, including CyberAv3ngers, APT33, and APT55, are actively targeting critical infrastructure in the United States. These operations focus on industrial control systems, which are specialised computers used to manage essential services such as electricity grids, water treatment plants, and manufacturing processes. In some instances, attackers have gained access by using unchanged default passwords, allowing them to install malicious software capable of interfering with or taking control of these systems. CyberAv3ngers has reportedly accessed industrial machinery in this way, while APT33 has used commonly reused passwords to infiltrate accounts at US energy companies. After gaining entry, the group attempts to weaken safety mechanisms by inserting malware into operational systems. APT55, meanwhile, has focused on cyber-espionage, targeting individuals connected to the energy and defence sectors to gather intelligence for Iranian operations. Other groups linked to Iran’s Ministry of Intelligence and Security, including MuddyWater and APT34, are also involved in these campaigns. MuddyWater has targeted telecommunications providers, oil and gas companies, and government organisations. It functions as an initial access broker, meaning it breaks into networks, collects login credentials, and then passes that access to other attackers. Handala has also claimed additional operations beyond the Stryker incident. These include deleting more than 40 terabytes of data from servers at the Hebrew University of Jerusalem and breaching systems linked to Verifone in Israel. However, Verifone has stated that it found no evidence of any compromise or service disruption. Cyber operations are also being carried out by the United States and Israel. General Dan Caine stated on March 2 that US Cyber Command was one of the first operational units involved in Operation Epic Fury. He said these efforts disrupted Iran’s communication and sensor networks, leaving it with reduced ability to monitor, coordinate, or respond effectively. He did not provide further operational details. On March 13, Pete Hegseth confirmed that the United States is using artificial intelligence alongside cyber tools as part of its military approach in the conflict. Separate reporting suggests that Israeli intelligence agencies may have used data obtained from compromised traffic cameras across Tehran to support planning related to Iran’s leadership, including Ayatollah Ali Khamenei. Hacktivist networks operate with fewer constraints Alongside state-backed actors, hacktivist groups have played a significant role. More than 60 such groups reportedly mobilised in the early hours of Operation Epic Fury, forming a coalition known as the Cyber Islamic Resistance. This network coordinates its activity through Telegram channels described as an “Electronic Operations Room.” Unlike state-directed groups, these actors operate based on ideological motivations rather than central command structures. Analysts note that such groups tend to be less disciplined, more unpredictable, and more likely to act without regard for civilian impact. Within the first two weeks of the conflict, the coalition claimed responsibility for more than 600 distinct cyber incidents across over 100 Telegram channels. These include attacks targeting Israeli defence-related systems, drone detection platforms such as VigilAir, and infrastructure affecting electricity and water services at a hotel in Tel Aviv. The same group also claimed to have compromised BadeSaba Calendar, a widely used religious mobile application with more than five million downloads. During the incident, users reportedly received messages such as “Help is on the way” and “It’s time for reckoning,” based on screenshots shared online. Some analysts assess that these groups may be using artificial intelligence tools to compensate for limited technical expertise, allowing them to scale operations more effectively. Global actors join the conflict Cyber intelligence findings suggest that participation in these operations is expanding geographically. Ongoing internet restrictions within Iran appear to be limiting the involvement of domestic hacktivists by disrupting Telegram-based coordination. As a result, increased activity has been observed from pro-Iranian groups based in Southeast Asia, Pakistan, and other parts of the Middle East. The Islamic Cyber Resistance in Iraq, also known as the 313 Team, has claimed responsibility for attacks on websites belonging to Kuwaiti government ministries, including defence-related institutions, according to a separate threat intelligence briefing. The group has also reportedly targeted websites in Romania and Bahrain. Another group, DieNet, has claimed cyber operations affecting airport systems in Bahrain, Saudi Arabia, and the United Arab Emirates. Russian-linked actors have also entered the landscape. NoName057(16), previously involved in cyber campaigns related to Ukraine, has launched distributed denial-of-service attacks, a technique used to overwhelm websites with traffic and render them inaccessible. Targets include Israeli municipal services, political platforms, telecommunications providers, and defence-related entities, including Elbit Systems, as noted by a threat intelligence monitoring platform. The group is also reported to be collaborating with Hider-Nex, a North Africa-based collective that has claimed attacks on Kuwaiti government domains. Some pro-Israeli hacktivist groups are active, including Anonymous Syria Hackers. One such group recently claimed to have breached an Iranian technology firm and released sensitive data, including account credentials, emails, and passwords. However, these groups remain less visible. Analysts suggest that Israel primarily conducts cyber operations through state-controlled channels, reducing the role and visibility of independent actors. In addition, these groups often do not appear in alerts issued by agencies such as the US Cybersecurity and Infrastructure Security Agency, making their activities harder to track. These developments suggest how cyber operations are becoming embedded in modern warfare. Such attacks are used not only to disrupt infrastructure but also to gather intelligence, impose financial strain, and influence perception. The growing use of artificial intelligence, combined with the involvement of decentralised and ideologically driven groups, is making attribution more complex and the threat environment more difficult to manage. As a result, cyber capabilities are now a central component of how conflicts are conducted, extending the battlefield into digital systems that underpin everyday life.

Cyber Operations Expand as Iran Conflict Extends into Digital Warfare #APTGroup #ArtificialIntelligence #CISA

Original post on helpnetsecurity.com

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Kno...

#Don't #miss #Hot #stuff #News #Aqua #Security #CISA […]

[Original post on helpnetsecurity.com]

Original post on securityaffairs.com

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Know...

#Breaking #News #Hacking #Security #CISA #hacking #news #information #security #news #IT […]

Original post on securityweek.com

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The...

#Incident #Response #Tracking #& #Law #Enforcement […]

[Original post on securityweek.com]

After Funding Jolt, EU Moves to Back the CVE Vulnerability System The European Union is stepping forward to reinforce what many experts describe as a bedrock cyber vulnerability tracking system, ...

#Firewall #Daily #Cyber #News #Vulnerabilities #bedrock […]

[Original post on thecyberexpress.com]

CISA New Langflow flaw actively exploited to hijack AI workflows there was no public proof-of-concept (PoC) exploit code read more about CISA New Langflow flaw actively exploited to hijack AI workflows

CISA: New Langflow flaw actively exploited to hijack AI workflows reconbee.com/cisa-new-lan...

#CISA #USA #hijackAI #workflows #cybersecurity #cyberattack

Langflow RCE flaw exploited within hours, CISA warns The US cybersecurity agency CISA has flagged a critical code injection flaw in Langflow, the open-source visual framework widely used to build A...

#Security #AI #security #CISA #CVE-2026-33017 #Known […]

[Original post on techzine.eu]

CISA: New Langflow flaw actively exploited to hijack AI workflows CISA warns that CVE-2026-33017, a critical code injection vulnerability in the Langflow AI-agent framework, is being actively exploited for unauthenticated remote code execution that can build public flows. Endor Labs observed exploitation beginning about 20 hours after disclosure with rapid scanning, Python-based attacks, and data harvesting; agencies are urged to upgrade to Langflow 1.9.0 or disable the vulnerable endpoint. #CVE-2026-33017 #Langflow

CISA reports active exploitation of CVE-2026-33017, a critical code injection flaw in Langflow AI-agent framework enabling unauthenticated remote Python code execution. Upgrade to Langflow 1.9.0 recommended. #Langflow #CISA #USA

Original post on securityaffairs.com

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnera...

#Breaking #News #Hacking #Security #CISA #hacking #news #information #security #news #IT […]

CISA Adds CVE-2026-33634 to KEV Catalog

~Cisa~
CISA added CVE-2026-33634 (Aqua Security Trivy) to the KEV catalog due to active exploitation.
-
IOCs: CVE-2026-33634
-
#CISA #CVE202633634 #threatintel

FBI Warns Of Russia, Iran Cyber Activity
Read More: buff.ly/4qt8Mtm

#FBIwarning #CISA #RussiaCyber #IranCyber #SignalPhishing #AccountTakeover #SocialEngineering #SecureMessaging

CISA Adds One Known Exploited Vulnerability to Catalog | CISA An official website of the United States government

CISAが既知の悪用された脆弱性を1件カタログに追加

CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 25)

CVE-2026-33017 Langflowコードインジェクションの脆弱性

www.cisa.gov/news-events/...

CISA's acting chief warns shutdown is increasing cyber risks, causing resignations CISA Acting Director Nick Andersen warned that the DHS shutdown has furloughed roughly 60% of CISA staff and left the agency limited to mission‑essential functions. He said vacancies, resignations, strained information sharing, and reduced coordination increase systemic risk ahead of events like America 250 and the FIFA World Cup and jeopardize...

CISA Acting Director warns DHS shutdown has furloughed 60% of staff, causing vacancies, resignations, and reduced coordination. This raises cyber risks ahead of America 250 and FIFA World Cup events. #CISA #DHS #USA

US cybersecurity agencies abandon world's largest industry conference CISA, FBI, NSA cancel participation at RSA Conference 2026 after Jen Easterly appointment, disrupting federal-industry cybersecurity coordination.

US cybersecurity agencies abandon world's largest industry conference

#Cybersecurity #CISA #RSA2026 #AusNews

thedailyperspective.org/article/2026-03-25-us-cy...

"Testimony🚨just now at House #DHS CMTE is truly alarming. Head of #CISA, the US's cybersecurity agency,🚨said they have *1,000* vacancies right now. Post-DOGE & post-shutdowns.... that number is striking. This ag...

"Testimony🚨just now at House #DHS CMTE is truly alarming.
Head of #CISA, the US's cybersecurity agency,🚨said they have *1,000* vacancies right now.
Post-DOGE & post-shutdowns.... that number is striking.
This ag...
#democracy #usa #gop #fascists #fascism

👉 Vote 'em Out!

CISA, FBI Warn of Phishing Campaign Targeting Messaging App Users A new phishing campaign targeting messaging apps has triggered warnings from the Cybersecurity and Infrastructure Security Agency (...

#Cyber #News #Firewall #Daily #CISA #News […]

[Original post on thecyberexpress.com]

CISA orders feds to patch DarkSword iOS flaws exploited attacks CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]

#CISA orders feds to patch #DarkSword #iOS flaws exploited attacks

www.bleepingcomputer.com/news/security/cisa-order...

#cybersecurity #iPhone #Apple

CISA Recommends Strict Administrative Controls of Microsoft Intune - Defensorum The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance instructing U.S. organizations to strengthen administrative controls in Microsoft Intune following a cyberattack on...

🚨 #CISA issues emergency guidance after 12 PB deleted from 200K devices 💻 Iran-linked #Handala group exploited #Microsoft #Intune admin controls 📱 #Windows devices, laptops, mobile phones targeted for deletion #CyberSecurity #CloudSecurity #ZeroTrust 👉 www.defensorum.com/cisa-adminis...

In a Public Service Announcement (PSA) the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn the public about ongoing Russian-linked phishing campaigns that aim to gain access to messaging accounts. Earlier this month we wrote about a large‑scale phishing campaign aimed at hijacking Signal and WhatsApp accounts belonging to senior officials, military personnel, civil servants, and journalists. Now the FBI and CISA have joined European intelligence services in warning that the same tactics are being used in a broader campaign targeting these commercial messaging apps. The goal is not to break end‑to‑end encryption, but to walk straight around it by stealing access to individual accounts. In our previous article, we focused on warnings from the Dutch intelligence services AIVD and MIVD, which described how Russian state‑backed actors approached high‑value targets via Signal and WhatsApp, posing as “Signal Support”, “Signal Security Bot”, or similar. The PSA demonstrates how the same groups are now running global phishing campaigns against messaging app accounts, with evidence suggesting thousands of compromised accounts worldwide. It’s important to reiterate that the attackers have not managed to break the apps’ end-to-end encryption. Instead, they are relying on social engineering to get a device added so they can eavesdrop on accounts. The current targets include current and former US government officials, military staff, political figures, and journalists, but there is nothing to stop the same techniques being reused against businesses and everyday users. So, while it’s tempting to dismiss this as a problem for diplomats and generals (and the agencies issuing these alerts do mention high‑profile targets first), the techniques scale very easily. Once playbooks like these are public, they tend to be copied by cybercriminals looking for new ways to steal money or accounts. ## How to protect your accounts As the PSA puts it: > “Phishing remains one of the most unsophisticated, yet effective means of cyber compromise, often rendering other protections irrelevant” This calls asks for basic security measures: * **Treat unsolicited messages from “Support” inside apps as suspicious by default.** Legitimate support for apps like Signal and WhatsApp does not ask you, in a chat message, to send back verification codes, PINs, or passwords.​ If you receive a warning about account problems, do not follow links in the message. Open the app’s settings directly or visit the official website through other means. * **Never share SMS verification codes or app PINs.** SMS codes are there to prove that you control a phone number. Anyone who has the code can pretend to be you. App‑specific PINs or passcodes are there to protect account changes. Giving them away is like handing over the keys to your account. Consider anyone asking for them to be a scammer. * **Be careful what you discuss and with whom.** Both the Dutch and US advisories remind us that even with end‑to‑end encryption, some conversations are too sensitive for commercial chat apps. * **Use the extra security features these apps offer.** Enable options like registration lock, registration PIN and device‑change alerts so that your account cannot be silently re‑registered without an extra secret. Store your PIN in a password manager instead of choosing something easy to guess or reusing a common code, to reduce the chance of social engineering or shoulder‑surfing. * **Another useful feature is disappearing messages.** Short‑timer and disappearing messages reduce how much content is available if an attacker gets into a chat later, or if someone obtains long‑term access to a device or backup. They are not a complete solution, but they can limit the damage. ## What to do if you think your account was hijacked If you suspect an attacker has taken over your messaging account: 1. Try to re‑register your number in the app immediately to kick out other devices. 2. Revoke all linked devices and change any app‑specific PINs or lock codes. 3. Warn your contacts that someone may have impersonated you and ask them to treat recent messages with caution. 4. Review recent conversations for signs of data theft (for example, shared IDs, documents, or passwords that should now be considered exposed). 5. Report the incident to the app provider and, where appropriate, to national reporting centers such as the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov or the relevant authority in your country.​ The sooner you act, the smaller the window in which attackers can exploit your account. * * * **We don’t just report on phone security—we provide it** Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts The FBI and CISA join European agencies in warning of a widespread, easily scalable social engineering campaign targeting me...

#News #Scams #cisa #fbi #signal

Origin | Interest | Match

El director de la CISA de EE. UU. bajo investigación tras filtrar documentos oficiales en la versión pública de ChatGPT. Al subir datos sensibles, la información pasó a la base de entrenamiento de la IA, exponiéndola a terceros y adversarios externos. 🛡️⚠️ #ciberseguridad #ia #chatgpt #cisa

So are we going to get #ICE goons to help out with #CISA too?

I’m sure they’d be just as great at the #KEV

CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS CISA adds three actively exploited vulnerabilities (CVE-2026-28217, CVE-2024-4671, CVE-2026-25487) affecting Apple, Laravel, and Craft CMS to its KEV catalog. Learn more and patch now.

📢 CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! ⚠️ #KEV #CISA