Cybersecurity and Infrastructure Security Agency is a organization tracked across 34 threat clusters and 43 intelligence report mentions on ThreatCluster. First observed November 11, 2025; most recent activity July 11, 2026.
A cyberattack targeting Poland's energy grid in December has been linked to a Russian government-affiliated hacking group. The attack affected 30 wind and photovoltaic farms and prompted the Cybersecurity and…
A cyber threat actor has been exploiting a zero-day vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller since 2023. This vulnerability allows unauthenticated remote attackers to bypass authentication and…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
A sophisticated backdoor malware named Firestarter has been discovered on Cisco Firepower devices, attributed to the state-sponsored threat actor UAT-4356. The malware exploits two vulnerabilities, CVE-2025-20333 and…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a critical vulnerability in the PX4 Autopilot system, tracked as CVE-2026-1579, published on March 31, 2026. This…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin, which allows attackers with FTP or web…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical authentication bypass vulnerability in SimpleHelp, tracked as CVE-2026-48558, which is actively being exploited. This flaw…
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named 'Copy Fail', allows unprivileged local users to gain root access on virtually all major Linux distributions released since 2017.…
Two critical vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM), CVE-2026-1281 and CVE-2026-1340, have been actively exploited in the wild, allowing unauthenticated remote code execution (RCE) with a CVSS score…
The FDA and CISA have issued advisories regarding significant cybersecurity vulnerabilities in Contec CMS8000 and Epsimed MN-120 patient monitors. These devices are at risk due to a backdoor in their firmware, which…