Aggregator

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability
• CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

DataVisor has announced Vera, a suite of conversational AI agents designed to combat financial crime. Vera enables institutions to manage risk using natural language, allowing teams to issue instructions that AI agents execute across the fraud and AML lifecycle. By reducing manual workflows, the platform supports a more efficient and adaptive operating model for modern financial crime prevention. Fraudsters are weaponizing AI, scaling attacks, and exploiting vulnerabilities faster than humans can respond. DataVisor’s 2026 Fraud … More →

The post DataVisor brings conversational AI agents to fraud and AML operations appeared first on Help Net Security.

You must login to view this content

“Unauthorized third parties may have been able to access certain booking information associated with your reservation,” email alerts sent out by Booking.com over the weekend warn. The online travel agency did not say which system(s) were accessed by the unauthorized third parties nor explained the scope of the incident. They only said that they “recently noticed suspicious activity affecting a number of reservations” and that their investigation revealed that the attackers may have accessed name(s), … More →

The post Booking.com data breach: Customer reservation data exposed appeared first on Help Net Security.

Binary Defense has announced the launch of NightBeacon Detect, a new module within NightBeacon, the company’s AI-driven SOC platform. The first capability released is Detection Coverage Index, a confidence-based view of how well an organization is covered against specific threat actors, their tactics, techniques, and sub-techniques, and how that coverage changes over time. NightBeacon Detect solves the problem with how detection coverage is measured Security teams invest heavily in detection tools, rules, and telemetry, yet … More →

The post Binary Defense expands NightBeacon with threat-aligned Detection Coverage Index appeared first on Help Net Security.