Skip to content
The Nexus
DossierENTITY

U.S. Cybersecurity and Infrastructure Security Agency

Coverage of U.S. Cybersecurity and Infrastructure Security Agency in the Nexus archive.

Earliest in view: Apr 14 · 05:39 UTCMost recent: Jul 8 · 09:58 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJul 8 · 09:58 UTCBLEEPING COMPUTER
    CISA orders feds to prioritize patching Langflow auth bypass flaw

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents, setting a deadline of Friday.

  • SECURITYJul 8 · 07:16 UTCBLEEPING COMPUTER
    CISA orders feds to patch max severity ColdFusion flaw by Friday

    CISA has ordered U.S. government agencies to patch a maximum-severity flaw in Adobe ColdFusion by Friday due to active exploitation. The flaw affects the Adobe ColdFusion web application development platform.

  • SECURITYJun 30 · 13:05 UTCJUST SECURITY
    Hiding in Plain Sight: The Geopolitics of Software Supply Chains

    Anthropic's Claude Mythos AI model can rapidly identify and exploit software vulnerabilities, prompting U.S. government reevaluation of AI oversight. The article highlights strategic risks in software supply chains, including governance gaps and foreign influence, urging defense officials to apply rigorous scrutiny to critical systems akin to physical supply chains.

  • SECURITYJun 17 · 10:09 UTCBLEEPING COMPUTER
    CISA orders feds to patch max severity Joomla plugin flaw by Friday

    CISA has mandated federal agencies to address a maximum-severity vulnerability in the Joomla Content Editor (JCE) plugin, which is currently being exploited. The flaw is part of the Widget Factory plugin and requires immediate patching by Friday.

  • SECURITYJun 17 · 05:50 UTCTHE HACKER NEWS
    CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

    CISA added a maximum-severity vulnerability in Joomla JCE to its KEV catalog, citing active exploitation. The flaw, CVE-2026-48907 with a CVSS score of 10.0, involves improper access control allowing arbitrary PHP code execution.

  • SECURITYJun 15 · 21:48 UTCTHE REGISTER
    Cisco SD-WAN make-me-root bug under attack

    Cisco issued a fix for a critical vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager, which attackers are actively exploiting to gain root privileges. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog and mandated federal agencies to patch within two weeks. The vulnerability arises from improper input validation during file uploads, requiring valid credentials for exploitation.

  • SECURITYJun 12 · 08:26 UTCBLEEPING COMPUTER
    CISA orders feds to patch actively exploited Ivanti flaw by Sunday

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited Ivanti Sentry flaw within three days as mandated by the newly issued Binding Operational Directive (BOD) 26-04.

  • SECURITYJun 9 · 06:26 UTCTHE HACKER NEWS
    LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

    CISA added a high-severity command injection vulnerability (CVE-2026-42271) in BerriAI LiteLLM to its KEV catalog due to active exploitation. The flaw allows authenticated users to execute arbitrary commands on affected systems.

  • SECURITYJun 3 · 15:36 UTCBLEEPING COMPUTER
    CISA warns of active attacks exploiting Android, Linux bugs

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system.

  • SECURITYJun 2 · 18:14 UTCTHE HACKER NEWS
    Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

    CISA added a high-severity vulnerability (CVE-2024-21182) in Oracle WebLogic Server to its KEV Catalog due to evidence of active exploitation. The flaw allows unauthenticated attackers to take control of vulnerable servers.

  • SECURITYMay 23 · 07:23 UTCTHE HACKER NEWS
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

    CISA has added a critical SQL injection vulnerability (CVE-2026-9082) in Drupal Core to its KEV catalog due to active exploitation. The flaw affects all supported versions of Drupal Core and carries a CVSS score of 6.5.

  • SECURITYMay 3 · 06:26 UTCTHE HACKER NEWS
    CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

    CISA added a critical Linux privilege escalation vulnerability (CVE-2026-31431) to its KEV catalog due to active exploitation. The flaw, with a CVSS score of 7.8, allows local attackers to gain root access on affected Linux distributions.

  • SECURITYApr 29 · 10:29 UTCBLEEPING COMPUTER
    CISA orders feds to patch Windows flaw exploited as zero-day

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to address a critical Windows vulnerability being exploited in zero-day attacks. The directive emphasizes urgent patching to mitigate potential breaches.

  • SECURITYApr 25 · 05:08 UTCTHE HACKER NEWS
    CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

    CISA added four actively exploited vulnerabilities to its KEV catalog, affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers, with a federal remediation deadline set for May 2026. One vulnerability, CVE-2024-57726, has a critical CVSS score of 9.9 due to a missing authorization flaw.

  • SECURITYApr 24 · 17:06 UTCTHE HACKER NEWS
    FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

    CISA and the UK's NCSC disclosed that a federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor malware. The malware, designed for remote access, persisted despite security patches, indicating a sophisticated cyberattack.

  • SECURITYApr 21 · 06:23 UTCTHE HACKER NEWS
    CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

    CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws in Cisco Catalyst SD-WAN Manager actively exploited in the wild. The agency set federal deadlines for remediation between April and May 2026, with CVE-2023-27351 highlighted as a high-severity authentication flaw in PaperCut.

  • SECURITYApr 17 · 03:22 UTCTHE HACKER NEWS
    Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

    A high-severity vulnerability (CVE-2026-34197) in Apache ActiveMQ Classic is being actively exploited, prompting CISA to add it to its KEV catalog with a CVSS score of 8.8. Federal civilian agencies are required to address the flaw immediately.

  • SECURITYApr 14 · 05:39 UTCTHE HACKER NEWS
    CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

    CISA added six actively exploited vulnerabilities to its KEV catalog, including an SQL injection flaw in Fortinet FortiClient EMS (CVE-2026-21643) with a CVSS score of 9.1. The vulnerabilities affect software from Fortinet, Microsoft, and Adobe.

U.S. Cybersecurity and Infrastructure Security Agency · Dossier · The Nexus