Aggregator

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme. The operation successfully infiltrated over 100 U.S. companies, generating more than $5 million in illicit revenue to fund the Democratic People’s Republic of Korea (DPRK) and its weapons programs. Kejia Wang, 42, received a 108-month prison sentence, while his […]

The post Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers appeared first on Cyber Security News.

A threat cluster tracked as UAC-0247 has been running an active campaign since early 2026, targeting local governments and municipal healthcare institutions across Ukraine, including clinical hospitals and emergency ambulance services. The attackers are not only stealing sensitive data from internet browsers and WhatsApp but are also moving quietly through compromised networks to expand their […]

The post New UAC-0247 Campaign Steals Browser and WhatsApp Data From Hospitals and Governments appeared first on Cyber Security News.

Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security advisory published on April 15, 2026, these flaws could allow an authenticated remote attacker to execute arbitrary commands on affected devices. They may also enable path […]

The post Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code appeared first on Cyber Security News.

Education publishing giant McGraw-Hill has confirmed a data breach following an extortion attempt, with more than 100GB of stolen data now publicly distributed online, exposing the personal information of approximately 13.5 million users. The breach, disclosed in April 2026, stems from a misconfiguration in McGraw-Hill’s Salesforce environment. According to the company, the incident exposed “a […]

The post McGraw Hill Confirms Data Breach Exposing 13.5 Million Users’ Personal Data appeared first on Cyber Security News.

You must login to view this content

You must login to view this content

You must login to view this content