Malware

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows environments.3 Victim organizations are primarily in the Government Services and Facilities and Information Technology Sectors. BRICKSTORM enables cyber threat actors to maintain stealthy access and provides capabilities for initiation, persistence, and secure command and control.…

Read More

CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to help critical infrastructure owners and operators integrate artificial intelligence (AI) into operational technology (OT) systems securely, balancing the benefits of AI—such as increased efficiency, enhanced decision-making, and cost savings—with the unique risks it poses to the safety, security, and reliability…

Read More

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps).1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.   These cyber actors use tactics such as: Phishing and malicious device-linking QR codes to compromise victim accounts…

Read More

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers. A BPH provider is an internet infrastructure provider that knowingly leases infrastructure to cybercriminals. These providers…

Read More

CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests.  Fortinet recommends affected…

Read More

CISA released 18 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.   ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03 AVEVA Edge ICSA-25-317-04 Brightpick Mission Control / Internal Logic Control ICSA-25-317-05 Rockwell Automation Verve Asset Manager ICSA-25-317-06 Rockwell Automation Studio 5000 Simulation Interface ICSA-25-317-07 Rockwell Automation FactoryTalk DataMosaix Private Cloud ICSA-25-317-08 General Industrial Controls Lynx+ Gateway ICSA-25-317-09 Rockwell Automation FactoryTalk Policy…

Read More

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with Akira ransomware activity. This advisory reflects new findings as of Nov. 13, 2025, highlighting Akira ransomware’s evolution and continued threat…

Read More

CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations.  The implementation guidance provides information on the minimum software versions that…

Read More