CISA is a organization tracked across 38 threat clusters and 48 intelligence report mentions on ThreatCluster. First observed October 30, 2025; most recent activity July 4, 2026.
Cisco has addressed a maximum-severity vulnerability in AsyncOS, tracked as CVE-2025-20393, which has been actively exploited for at least a month. The flaw affects Secure Email Gateway (SEG) and Secure Email and Web…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Chinese operatives have revived the KV-botnet, a covert data transfer network previously dismantled by the FBI in January 2024. The botnet, which primarily exploits vulnerable routers and IoT devices, has seen a…
TP-Link has patched multiple critical vulnerabilities in its Archer NX router series, specifically affecting models NX200, NX210, NX500, and NX600. The most severe flaw, CVE-2025-15517, allows unauthenticated attackers…
A report from Forescout reveals a record number of industrial control system (ICS) vulnerabilities, with 3,637 advisories published by CISA/ICS-CERT from March 2010 to January 31, 2026. In 2025 alone, there were over…
CISA has issued a warning to U.S. government agencies regarding a privilege escalation vulnerability in Windows Task Host, tracked as CVE-2025-60710. This vulnerability, affecting Windows 11 and Windows Server 2025,…
WatchGuard Technologies released patches on July 2, 2026, for a critical remote code execution vulnerability (CVE-2026-13368) affecting all supported Firebox firewall models. This flaw, linked to a race condition in the…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
WatchGuard has issued a warning about a critical remote code execution vulnerability, tracked as CVE-2025-14733, affecting its Firebox firewalls running Fireware OS 11.x and later. The flaw allows unauthenticated…
A contractor for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) left a public GitHub repository named 'Private-CISA' exposed for six months, containing sensitive credentials including AWS GovCloud…