Aggregator
NightSpire
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
- CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
- CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
- CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Vulnerability Hunting in AI Features of Web Applications
Hackers breach Fortinet FortiGate devices, steal firewall configs
ZEST Security Adds AI Agents to Identify Vulnerabilities That Pose No Actual Risk
ZEST Security introduces AI Sweeper Agents that identify which vulnerabilities are truly exploitable, helping security teams cut patch backlogs and focus on real risk.
The post ZEST Security Adds AI Agents to Identify Vulnerabilities That Pose No Actual Risk appeared first on Security Boulevard.
Passports, logs and invisible images. OpenAI interface lets hackers steal user data
Filling the Most Common Gaps in Google Workspace Security
A Tribute to the Guardians Behind the Code: Meituan SRC 2025 Annual Honors and Appreciation
CVE-2025-60021
Claroty raises $150 million to advance global CPS protection platform
Claroty has secured $150 million in Series F funding led by Golub Growth, an affiliate of Golub Capital, with additional confirmed participation from existing investors up to $50 million. This investment will support global expansion through organic and inorganic growth as the company continues to pursue its vision of building a comprehensive CPS protection platform. Per Gartner, “With the emergence of CPS, ransomware and other cyber attacks originating in the cyber world now affect physical …
The post Claroty raises $150 million to advance global CPS protection platform appeared first on Help Net Security.
Benzona
Europe is building its own "Chinese firewall", only against China itself. And a little against Trump
UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds
Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks
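[Security Circle] Cloudflare zero-day vulnerability: WAF can be bypassed to reach any backend host worldwide
[Security Circle] Insights from 33 million SMS messages: passwordless login becomes a backdoor for hackers, leaving millions of users' privacy exposed
[Security Circle] Luxshare Precision breached by hackers; top-secret drawings from Apple, Nvidia and others may be exposed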
Tesla, Sony, and Alpine systems compromised on day one of Pwn2Own Automotive 2026
Security researchers uncovered 37 previously unknown vulnerabilities on the opening day of Pwn2Own Automotive 2026, earning a combined $516,500 in prize money, according to results released by Trend Micro’s Zero Day Initiative. Successful demonstrations targeted in-vehicle infotainment systems and electric vehicle charging hardware, with several high-profile automotive brands affected. Infotainment platforms from Tesla, Sony, and Alpine were among the systems compromised during demonstrations. Researchers achieved code execution …
[Image: The Master of Pwn leaderboard (Source: Trend Micro)]
The post Tesla, Sony, and Alpine systems compromised on day one of Pwn2Own Automotive 2026 appeared first on Help Net Security.