CISA Advisory

Response to CISA Advisory (AA25-141B): Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

| | adversary emulation, Broad-Based Attacks, cisa, CISA Advisory, Lumma Stealer, LummaC2
AttackIQ has updated an existing assessment template in response to the CISA Advisory (AA25-141B) published on May 21, 2025, which disseminates Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), associated ...
AttackIQ

Response to CISA Advisory (AA25-141A): Russian GRU Targeting Western Logistics Entities and Technology Companies

| | adversary emulation, APT28, cisa, CISA Advisory, credential harvesting, Fancy Bear, government, GRU, Russia, spear-phishing, technology, transportation
AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-141A) published on May 21, 2025. The CSA highlights a cyber espionage-oriented campaign carried out by cyber actors affiliated ...
AttackIQ

Response to CISA Advisory (AA25-093A): Fast Flux: A National Security Threat

| | adversary emulation, CISA Advisory, CISA Alert, fast flux
AttackIQ recommends that customers take the following testing actions in alignment with the recently published CISA Advisory (AA25-093A) which highlights the ongoing and evolving threat of fast flux techniques. These techniques are ...
AttackIQ
A close up of a patient monitor screen with a heart beat

CISA/FDA Warn: Chinese Patient Monitors Have BAD Bugs

| | cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA cybersecurity advisory, CISA Report, CISA Research, Contec, CVE-2024-12248, CVE-2025-0626, CVE-2025-0683, Cyber Threat on Healthcare, cyberattacks in healthcare, Cybersecurity and Infrastructure Agency, Cybersecurity and Infrastructure Security Agency, Cybersecurity for Healthcare, cybersecurity in healthcare, Epsimed, FDA, FDA guidance, fda medical device cybersecurity, Food and Drug Administration, health care, Health Care Security, healthcare, Healthcare & Life Sciences, Healthcare company, Healthcare Compliance, SB Blogwatch, USFDA
China crisis? Stop using this healthcare equipment, say Cybersecurity & Infrastructure Security Agency and Food & Drug Administration ...
Security Boulevard

CISA and FBI Issue Alert on OS Command Injection Vulnerabilities

| | CISA Advisory, CISA Threat Update, Cisco Vulnerabilities, command injection, Command Injection Vulnerability, FBI alert, FBI warning, Ivanti Vulnerabilities, Linux & Open Source News, MITRE ATTACK, OS command injection, OS command injection prevention, OS command injection vulnerabilities, Palo Alto Networks, secure by design, Secure by Design Alert
CISA and FBI issued a critical advisory on July 10, 2024, urging software companies to review their products and eliminate OS command injection vulnerabilities at the source. This urgent call comes in ...
TuxCare

CISA Alert: Urgent Update Needed for Apache Flink Vulnerability

| | Apache Flink, Apache Flink vulnerability, CISA Advisory, cisa known exploited vulnerabilities, cisa known exploited vulnerabilities catalog, CISA Threat Update, CVE-2020-17519, cybersecurity threats, enterprise security, federal agencies, improper access control, Known Exploited Vulnerabilities, Linux & Open Source News, open source
Attention Apache Flink users! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added an Apache Flink vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting evidence of its active exploitation. Apache Flink ...
TuxCare
Extreme closeup of “TEN” on US$10 note

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

| | cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA KEV, cisa known exploited vulnerabilities, cisa known exploited vulnerabilities catalog, CISA Threat Update, CISA warning, CISA.gov, CVE-2023-7028, CVSS10, Cybersecurity Infrastructure Security Administration, GitLab, GitLab Community Edition, GitLab CVE-2023-7028 CVE-2023-5356, GitLab Enterprise Edition, GitLab Patches, GitLab Security, GitLab Vulnerability, NSA/CISA, Password reset, Password reset protection, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...
Security Boulevard
CISA, DHS, President, cyber threats, Seal of the Cybersecurity & Infrastructure Security Agency

Sisense Hacked: CISA Warns Customers at Risk

| | Amazon Web Services (AWS), aws, AWS access keys, AWS bucket, cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA warning, CISA.gov, depth, NSA/CISA, Sangram Dash, SB Blogwatch, Sisense
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
Security Boulevard
backups, ransomware, backup data, strategy, securely, data catalog, security, orescout, syndicate, data GPS, data, privacy, Realm.Security, telemetry data, Veeam, recovery, sensitive, data, cyber resilience, ransomware loanDepot financial services

CISA, FBI Push Software Developers to Eliminate SQL Injection Flaws

| | CISA Advisory, FBI, SQL injection attack
The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last ...
Security Boulevard
ransomware, backups, LockBit ransomware Federal Reserve

CISA, Mandiant Warn of a Worsening Situation for Ivanti Users

| | china espionage, CISA Advisory, Ivanti Vulnerabilities, Mandiant
The federal government and cybersecurity teams are warning organizations that threat groups are exploiting multiple flaws in Ivanti’s VPN appliances despite the vendor’s Integrity Checking Tool (ICT) and even after factory resets ...
Security Boulevard
Load more