Current Activity

Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware

Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators…

Comments Off

May 22, 2025

Current Activity

Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology…

Comments Off

May 22, 2025

Current Activity

Update to How CISA Shares Cyber-Related Alerts and Notifications

Starting May 12, CISA is changing how we announce cybersecurity updates and the release of new guidance. These announcements will only be shared through CISA social media platforms and email…

Comments Off

May 13, 2025

Current Activity

CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents…

Comments Off

April 17, 2025

Current Activity

Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities

Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate products. This malicious file could enable read-only access…

Comments Off

April 12, 2025

Current Activity

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)

Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system.…

Comments Off

April 5, 2025

Current Activity

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1]…

Comments Off

March 29, 2025

Current Activity

Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply…

Comments Off

March 19, 2025

Current Activity

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems (ICS) advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization…

Comments Off

March 14, 2025

Current Activity

CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released joint Cybersecurity Advisory, #StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and…

Comments Off

March 13, 2025