Aggregator

LLM4Code Workshop征稿进行中！

US Cyber Defense Agency Faces 65% Furlough Rate Amid Federal Shutdown
The U.S. federal government shutdown has slashed staff at the nation's cyber defense agency and other key cyber entities, freezing daily operations, stalling grants and weakening threat coordination as state and local systems brace for lapses in federal support.

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2014-6278 GNU Bash OS Command Injection Vulnerability
• CVE-2015-7755 Juniper ScreenOS Improper Authentication Vulnerability
• CVE-2017-1000353 Jenkins Remote Code Execution Vulnerability
• CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability
• CVE-2025-21043 Samsung Mobile Devices Out-of-Bounds Write Vulnerability

These types of vulnerabilities are frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-275-01 Raise3D Pro2 Series 3D Printers
• ICSA-25-275-02 Hitachi Energy MSM Product

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to

The Georgia Institute of Technology is paying $875,000 to settle a False Claims Act lawsuit with the federal government, which accused an office at the school of not following cybersecurity rules on some defense contracts.

Громкие кейсы, тихая статистика — рынок труда не поддался ИИ.

September brought big updates to ANY.RUN. From four new connectors that plug our sandbox and threat intelligence straight into the world’s top SIEM and SOAR platforms, to a redesigned Threat Intelligence Lookup home screen built for speed and simplicity, your SOC now works smarter and faster than ever.   Add in 99 fresh signatures, 11 new YARA rules, and 2,322 […]

The post Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules appeared first on ANY.RUN's Cybersecurity Blog.

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or

A vulnerability labeled as problematic has been found in Creativeitem Sociopro. The affected element is an unknown function of the file /sociopro/profile/update_profile of the component Query Handler. Executing manipulation of the argument Name can lead to cross site scripting. This vulnerability appears as CVE-2025-40992. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in Canonical LXD up to 5.21.3/6.4. Impacted is an unknown function of the component Log File Handler. Performing manipulation results in path traversal. This vulnerability is reported as CVE-2025-54293. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Creativeitem Ekushey CRM 5.0. This issue affects some unknown processing of the file /ekushey/index.php/client/project_message/add/ of the component Query Handler. Such manipulation of the argument Message leads to cross site scripting. This vulnerability is documented as CVE-2025-40989. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Creativeitem Ekushey CRM 5.0. It has been rated as problematic. This vulnerability affects unknown code of the file /ekushey/index.php/client/project_file/upload/ of the component Query Handler. This manipulation of the argument Description causes cross site scripting. This vulnerability is registered as CVE-2025-40991. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Creativeitem Ekushey CRM 5.0. It has been declared as problematic. This affects an unknown part of the file /ekushey/index.php/client/project_bug/create/ of the component Query Handler. The manipulation of the argument title/description results in cross site scripting. This vulnerability is cataloged as CVE-2025-40990. The attack may be launched remotely. There is no exploit available.

РЖД начинает проработку технологии, но не торопится отказываться от документов.

Name: WMCTF2025 (an WMCTF event.)
Date: Sept. 20, 2025, 2 a.m. — 21 Sept. 2025, 02:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://wmctf.wm-team.cn/
Rating weight: 80.00
Event organizers: W&M

Name: ATLA Opening Date CTF (an ATLA Opening Date CTF event.)
Date: Sept. 20, 2025, 5 a.m. — 20 Sept. 2025, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Kyrgyzstan, Bishkek
Offical URL: https://ctf.atlabyte.com/
Rating weight: 0
Event organizers: ATLA CTF

Name: Holmes CTF 2025 (an Hack The Box CTF event.)
Date: Sept. 22, 2025, 1 p.m. — 26 Sept. 2025, 19:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.hackthebox.com/event/details/holmes-ctf-2025-2536
Rating weight: 24.00
Event organizers: Hack The Box