Our news
-
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps). These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s
-
Vulnerability Summary for the Week of November 17, 2025
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source Info Patch Info ABB–ABB Ability Edgenius Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. 2025-11-20 9.6 CVE-2025-10571 https://search.abb.com/library/Download.aspx?DocumentID=7PAA022088&LanguageCode=en&DocumentPartId=&Action=Launch AMD–AMD StoreMI A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to
-
CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers
Today, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by
-

Deepfakes (Voice and Video): DefendEdge Executive Brief Risks, Tools, Detection, and Client-Facing Guidance
Executive Summary Voice and video deepfakes are actively used to impersonate senior leaders and push payments, credentials, and malware in real time. Recent events include an attempted impersonation of WPP executives that staff blocked, and North Korea–aligned BlueNoroff using deepfaked Zoom calls to deliver macOS malware. The FBI’s Internet Crime Complaint Center (IC3) warned on
-
Vulnerability Summary for the Week of November 10, 2025
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source Info Patch Info leopardhost–TNC Toolbox: Web Performance The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in
-

Why SIEM is the Heartbeat of Security Operations
Did you know that every 11 seconds, a business becomes a victim of a cyberattack? Here’s a lesser-known fact. Signs of the attack could have been present for a long time, written in the firewall, server, or endpoint logs. The challenge is not the data. The question is, how quickly can an organization leverage that
-
CISA Releases 18 Industrial Control Systems Advisories
CISA released 18 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03 AVEVA Edge ICSA-25-317-04 Brightpick Mission Control / Internal Logic Control ICSA-25-317-05 Rockwell Automation Verve Asset Manager ICSA-25-317-06 Rockwell Automation Studio 5000
-
CISA and Partners Release Advisory Update on Akira Ransomware
Today, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with
-
New Guidance Released on Microsoft Exchange Server Security Best Practices
Today, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices, a guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors. Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of
-

The Truth Behind the “Brushing” Cyber Scam
Of the various forms of e-commerce fraud, one of the lesser-known yet prevalent kinds is the brushing scam. This scam appears harmless; receivers will simply get a package they never ordered. However, behind every “free gift” is a manipulative operation abusing personal data and online trust. Description: The goal behind brushing scams is to generate fake