Attacks

CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to help critical infrastructure owners and operators integrate artificial intelligence (AI) into operational technology (OT) systems securely, balancing the benefits of AI—such as increased efficiency, enhanced decision-making, and cost savings—with the unique risks it poses to the safety, security, and reliability…

Read More

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps).1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.   These cyber actors use tactics such as: Phishing and malicious device-linking QR codes to compromise victim accounts…

Read More

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers. A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers…

Read More

CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests.  Fortinet recommends affected…

Read More

CISA released 18 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.   ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03 AVEVA Edge ICSA-25-317-04 Brightpick Mission Control / Internal Logic Control ICSA-25-317-05 Rockwell Automation Verve Asset Manager ICSA-25-317-06 Rockwell Automation Studio 5000 Simulation Interface ICSA-25-317-07 Rockwell Automation FactoryTalk DataMosaix Private Cloud ICSA-25-317-08 General Industrial Controls Lynx+ Gateway ICSA-25-317-09 Rockwell Automation FactoryTalk Policy…

Read More

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with Akira ransomware activity. This advisory reflects new findings as of Nov. 13, 2025, highlighting Akira ransomware’s evolution and continued threat…

Read More

CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations.  The implementation guidance provides information on the minimum software versions that…

Read More

Today, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices, a guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors. Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise.  Best practices in this guide focus on hardening user authentication and access, ensuring strong network encryption, and minimizing application…

Read More

Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025), CVE-2025-59287, that a prior update did not fully mitigate.  CISA strongly urges organizations to implement Microsoft’s updated Windows Server Update Service (WSUS) Remote Code Execution Vulnerability guidance, 1 or risk an unauthenticated actor achieving remote code execution with system privileges. Immediate actions for organizations with affected products are:…

Read More

CISA released 10 Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-294-01 Rockwell Automation 1783-NATR ICSA-25-294-02 Rockwell Automation Compact GuardLogix 5370 ICSA-25-294-03 Siemens SIMATIC S7-1200 CPU V1/V2 Devices ICSA-25-294-04 Siemens RUGGEDCOM ROS Devices ICSA-25-294-05 CloudEdge Online Cameras and App ICSA-25-294-06 Raisecomm RAX701-GC Series ICSMA-25-294-01 Oxford Nanopore Technologies MinKNOW ICSA-25-035-07 Schneider Electric Pro-Face GP-Pro EX and Remote HMI (Update A) ICSA-24-354-07 Schneider Electric Modicon Controllers…

Read More