US-Cert Current Activity

CISA Adds One Known Exploited Vulnerability to Catalog

Tue, 04/01/2025 - 8:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Releases Two Industrial Control Systems Advisories

Tue, 04/01/2025 - 8:00am

CISA released two Industrial Control Systems (ICS) advisories on April 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Adds One Known Exploited Vulnerability to Catalog

Mon, 03/31/2025 - 8:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

Fri, 03/28/2025 - 8:00am

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1] malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands:

  • Create a web shell, manipulate integrity checks, and modify files.
  • Enable the use of web shells for credential harvesting, account creation, password resets, and escalating permissions.
  • Copy the web shell to the Ivanti running boot disk and manipulate the running coreboot image.

RESURGE is associated with the exploitation of CVE-2025-0282 in Ivanti Connect Secure appliances. CVE-2025-0282 is a stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. CISA added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog on January 8, 2025.

For more information on the above-mentioned malware variants and YARA rules for detection, see: MAR-25993211.R1.V1.CLEAR.

For a downloadable copy of the SIGMA rule associated with this MAR, see: AR25-087A SIGMA YAML.

CISA urges users and administrators to implement the following actions in addition to the Mitigation Instructions for CVE-2025-0282:

  • For the highest level of confidence, conduct a factory reset.
    • For Cloud and Virtual systems, conduct a factory reset using an external known clean image of the device.
  • Reset credentials of privileged and non-privileged accounts.
  • Reset passwords for all domain users and all local accounts, such as Guest, HelpAssistant, DefaultAccount, System, Administrator, and krbtgt. The krbtgt account is responsible for handling Kerberos ticket requests as well as encrypting and signing them. The krbtgt account should be reset twice because the account has a two-password history. The first account reset for the krbtgt needs to be allowed to replicate prior to the second reset to avoid any issues. See CISA’s Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise for more information. Although tailored to Federal Civilian Executive Branch (FCEB) agencies compromised in the 2020 SolarWinds Orion supply chain compromise, the steps are applicable to organizations with Windows AD compromise.
  • Review access policies to temporarily revoke privileges/access for affected devices. If it is necessary not to alert the attacker (e.g., for intelligence purposes), then privileges can be reduced for affected accounts/devices to “contain” them.
  • Reset the relevant account credentials or access keys if the investigation finds the threat actor’s access is limited to non-elevated permissions.
  • Monitor related accounts, especially administrative accounts, for any further signs of unauthorized access.

Organizations should report incidents and anomalous activity related to information found in the malware analysis report to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870. Malware submissions can be made directly to Malware Nextgen at https://malware.cisa.gov.

See the following resources for more guidance: 

CISA Adds One Known Exploited Vulnerability to Catalog

Thu, 03/27/2025 - 8:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases One Industrial Control Systems Advisory

Thu, 03/27/2025 - 8:00am

CISA released one Industrial Control Systems (ICS) advisory on March 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Wed, 03/26/2025 - 8:00am

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
  • CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Four Industrial Control Systems Advisories

Tue, 03/25/2025 - 8:00am

CISA released four Industrial Control Systems (ICS) advisories on March 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Adds One Known Exploited Vulnerability to Catalog

Mon, 03/24/2025 - 8:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-30154 reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Five Industrial Control Systems Advisories

Thu, 03/20/2025 - 8:00am

CISA released five Industrial Control Systems (ICS) advisories on March 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Wed, 03/19/2025 - 8:00am

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
  • CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
  • CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Tue, 03/18/2025 - 8:00am

A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1.

CISA added CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog.

CISA strongly urges users to implement the recommendations to mitigate this compromise and strengthen security when using third-party actions.

See the following resources for more guidance: 

Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.

This alert is provided “as is” for informational purposes only. CISA does not provide any warranties of any kind regarding any information within. CISA does not endorse any commercial product, entity, or service referenced in this alert or otherwise.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Tue, 03/18/2025 - 8:00am

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
  • CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Seven Industrial Control Systems Advisories

Tue, 03/18/2025 - 8:00am

CISA released seven Industrial Control Systems (ICS) advisories on March 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Releases Thirteen Industrial Control Systems Advisories

Thu, 03/13/2025 - 8:00am

CISA released thirteen Industrial Control Systems (ICS) advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Thu, 03/13/2025 - 8:00am

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
  • CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Wed, 03/12/2025 - 8:00am

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released joint Cybersecurity Advisory, #StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity.

Medusa is a ransomware-as-a-service variant used to conduct ransomware attacks; as of December 2024, over 300 victims from critical infrastructure sectors have been impacted. Medusa actors use common techniques like phishing campaigns and exploiting unpatched software vulnerabilities.

Immediate actions organizations can take to mitigate Medusa ransomware activity:

  • Ensure operating systems, software, and firmware are patched and up to date.
  • Segment networks to restrict lateral movement.
  • Filter network traffic by preventing unknown or untrusted origins from accessing remote services.

CISA encourages network defenders to review the advisory and implement the recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response.

CISA Adds Six Known Exploited Vulnerabilities to Catalog

Tue, 03/11/2025 - 8:00am

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
  • CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability
  • CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
  • CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
  • CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
  • CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Two Industrial Control Systems Advisories

Tue, 03/11/2025 - 8:00am

CISA released two Industrial Control Systems (ICS) advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Mon, 03/10/2025 - 8:00am

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability
  • CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability
  • CVE-2024-13159 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
  • CVE-2024-13160 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
  • CVE-2024-13161 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
