cisa – Seite 3 – Wolfinisoftware.de

security

17 Jahre alte Excel-Schwachstelle wird sehr wahrscheinlich ausgenutzt

22.04.2026

Die CISA meldet die Ausnutzung von zwei Sicherheitslücken, die bereits 17 und 14 Jahre alt sind. Anfällig sind EoL‑Versionen von Office und Visual Basic for Applications, die keine Sicherheitsupdates mehr erhalten. Unternehmen sollten dringend auf unterstützte Versionen migrieren.

Mehr lesen →

security

CISA flags new SD-WAN flaw as actively exploited in attacks

21.04.2026

CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. […]

Mehr lesen →

soc

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

21.04.2026

CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before. The post Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities appeared first on SecurityWeek.

Mehr lesen →

security

Angriffe auf Cisco SD-WAN, Zimbra, TeamCity, PaperCut und mehr beobachtet

21.04.2026

Die US-IT-Sicherheitsbehörde CISA warnt aktuell vor Angriffen auf Cisco SD-WAN, Zimbra, TeamCity, PaperCut und weitere Software.

Mehr lesen →

security

CISA warnt vor Angriffen auf Microsoft Exchange und Windows CLFS

21.04.2026

Zwei drei Jahre alte Sicherheitslücken werden derzeit für Cyberangriffe missbraucht. Microsoft Exchange und Windows Common Log File System stehen unter Beschuss, Admins sollten schnellstmöglich die gepatchten Versionen installieren.

Mehr lesen →

soc

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

20.04.2026

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability CVE-2025-2749 Kentico Xperience Path Traversal Vulnerability CVE-2025-32975 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability CVE-2025-48700 Synacor Zimbra Collaboration Suite (ZCS) Cross-site […]

Mehr lesen →

security

Kritische FortiClient-Schwachstelle wird in Angriffen genutzt

20.04.2026

Die CISA drängt US-Behörden eine kritische SQL-Injection-Schwachstelle in FortiClient EMS von Fortinet zu schließen, da sie aktiv ausgenutzt wird. Auch Unternehmen sollten schnellstmöglich handeln.

Mehr lesen →

soc

FIRESTARTER Backdoor

17.04.2026

Malware Analysis Report at a Glance Malware Name FIRESTARTER Original Publication April 23, 2026 Executive Summary The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation. CISA and the United Kingdom National Cyber Security Centre (NCSC) assess advanced persistent threat (APT) actors are using FIRESTARTER malware for […]

Mehr lesen →

security

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

17.04.2026

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. […]

Mehr lesen →

soc

CISA Adds One Known Exploited Vulnerability to Catalog

16.04.2026

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant […]

Mehr lesen →

Tag: cisa