Aggregator
CVE-2025-40622 | TCMAN GIM 11 GetLastDatePasswordChange Username sql injection
CVE-2025-40621 | TCMAN GIM 11 ValidateUserAndGetData User sql injection
CVE-2025-40620 | TCMAN GIM 11 ValidateUserAndWS User sql injection
CVE-2025-40625 | TCMAN GIM 11 sql injection
Letter with an awards list turned out to be a ticket to C2: Core Werewolf stays in shape
Qilin
Brekelmans: “Europe must take more responsibility”
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2025-27363 FreeType Out-of-Bounds Write Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Unsophisticated Cyber Actor(s) Targeting Operational Technology
CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage. CISA strongly urges Critical Infrastructure Asset Owners and Operators to review the following fact sheet for detailed guidance on reducing the risk of potential intrusions:
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on May 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-126-01 Optigo Networks ONS NC600
- ICSA-25-126-02 Milesight UG65-868M-EA
- ICSA-25-126-03 BrightSign Players
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
MIT researchers look to tame AI code with new controls
Despite the risks associated with artificial intelligence (AI) coding, developers remain enthusiastic, using it to keep up with the demand for delivering software at speed. A recent GitHub survey found that 92% of U.S.-based developers are using AI coding regularly. But while many developers are using AI to assist them in writing code, they seem to be doing so warily. A 2024 developer survey found that less than half of developers (43%) felt good about the accuracy of AI tools, while 31% were skeptical about them.
The post MIT researchers look to tame AI code with new controls appeared first on Security Boulevard.
Mamona: Technical Analysis of a New Ransomware Strain
Editor’s note: The current article is authored by Mauro Eldritch, offensive security expert and threat intelligence analyst. You can find Mauro on X. These days, it’s easy to come across new ransomware strains without much effort. But the ransomware threat landscape is far broader than it seems, especially when you dive into the commodity ransomware scene. This type of […]
The post Mamona: Technical Analysis of a New Ransomware Strain appeared first on ANY.RUN's Cybersecurity Blog.