CISA Adds Cisco ISE and PaperCut Vulnerabilities to Known Exploited Vulnerabilities Catalog

Threat Score:
46
The Cyber Express
7 days ago

Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three high-impact vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include two unauthenticated remote code execution flaws in Cisco Identity Services Engine (ISE) and one cross-site request forgery (CSRF) vulnerability affecting PaperCut NG/MF software. Critical Cisco ISE Flaws: CVE‑2025‑20281 and CVE‑2025‑20337 The first two vulnerabilities , CVE‑2025‑20281 and CVE‑202...

Related Articles

5 articles
2

APT36 Targets Indian Government: Credential Theft Campaign Uncovered

GB Hackers 4 hours ago

APT36 Targets Indian Government: Credential Theft Campaign Uncovered A sophisticated phishing campaign attributed with medium confidence to the Pakistan-linked APT36 group, also known as Transparent Tribe or Mythic Leopard, has been uncovered targeting Indian defense organizations and government entities. This operation employs typo-squatted domains that mimic official Indian government platforms, such as mail.mgovcloud.in and virtualeoffice.cloud, to deceive users into surrendering credentials.

Score
84
Read more
3

North Korean Hackers Exploit NPM Packages to Steal Cryptocurrency and Sensitive Data

GB Hackers 5 hours ago

North Korean Hackers Exploit NPM Packages to Steal Cryptocurrency and Sensitive Data Veracode Threat Research has uncovered a sophisticated North Korean cryptocurrency theft operation that continues to evolve, building on campaigns previously reported in February and June 2024. This latest iteration involves twelve malicious NPM packages, including cloud-binary, json-cookie-csv, cloudmedia, and nodemailer-enhancer, which were flagged by automated monitoring systems and subsequently removed from

Score
84
Read more