Current Activity

CISA Releases Cybersecurity Advisory on SimpleHelp RMM Vulnerability

Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider. This advisory is in response to ransomware actors targeting customers…

Comments Off

June 13, 2025

Current Activity

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This…

Comments Off

June 5, 2025

Current Activity

Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)

Commvault is monitoring cyber threat activity targeting their applications hosted in their Microsoft Azure cloud environment. Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service…

Comments Off

May 23, 2025

Current Activity

Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware

Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators…

Comments Off

May 22, 2025

Current Activity

Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology…

Comments Off

May 22, 2025

Current Activity

Update to How CISA Shares Cyber-Related Alerts and Notifications

Starting May 12, CISA is changing how we announce cybersecurity updates and the release of new guidance. These announcements will only be shared through CISA social media platforms and email…

Comments Off

May 13, 2025

Current Activity

CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents…

Comments Off

April 17, 2025

Current Activity

Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities

Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate products. This malicious file could enable read-only access…

Comments Off

April 12, 2025

Current Activity

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)

Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system.…

Comments Off

April 5, 2025

Current Activity

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1]…

Comments Off

March 29, 2025