CISA KEV Update: Active Exploitation of Google Chrome, Arista EOS, and Cisco Systems

CISA has added critical flaws in Google Chrome, Arista EOS, and Cisco products to its Known Exploited Vulnerabilities (KEV) catalog. A KEV listing means CISA has evidence the flaws are being exploited in the wild, not merely that they have been disclosed. The Chrome entries are sandbox escapes, fixed in the Stable Channel 149 update, that let an attacker who already controls a sandboxed browser process execute code on the host. The Arista EOS and Cisco flaws hand an attacker a position on network devices from which traffic can be intercepted or disrupted and lateral movement staged. Federal agencies must remediate by the KEV due dates; enterprises should treat the same vendor patches as urgent to avoid a perimeter breach followed by internal escalation.

Critical Zero-Days in Google Chrome, Microsoft Exchange, and AWS GovCloud Credential Leak

The second week of June 2026 brings a high-velocity exploitation cycle against both infrastructure and endpoints. Google Chrome faces its fifth zero-day of the year; the fix covers an out-of-bounds (OOB) read/write in the V8 engine (CVE-2026-11645) and a use-after-free (CVE-2026-11634). On-premises Microsoft Exchange servers are under attack through a separate zero-day (CVE-2026-42897). On the infrastructure side there is a critical remote code execution flaw in the Unbound DNS resolver (DNSSEC handling, CVE-2026-33278) alongside the KEV-listed Arista and Cisco flaws. The week also saw a supply-chain failure in which a CISA contractor exposed privileged AWS GovCloud credentials on GitHub, compromising high-security federal cloud environments; leaked long-lived cloud keys remain usable by anyone who found them until they are revoked, so rotating the credentials, not just removing the commit, is the remediation. Immediate patching to Chrome v149.0.7827.102/.103 and remediation of KEV-listed assets are mandated.
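The remediation deadlines in this entry and the one above come from the KEV catalog's per-entry dueDate field, so the practical check is to cross-reference the feed against an asset inventory. The script below is an added example (not code from the page or from CISA). The feed URL and field names (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse) are those of the real feed; the catalog entries, inventory rows, product alias map and the "today" date are constructed placeholders so it runs offline, and none of the CVE IDs shown are real.

```python
"""Triage CISA KEV entries against an asset inventory (added example).

The live feed is the JSON at KEV_FEED_URL; the field names used here are
the feed's own. The catalog entries, inventory rows and the "today" date
below are CONSTRUCTED placeholders so the script runs offline.
"""
import json
import re
import urllib.request
from datetime import date, timedelta

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# CONSTRUCTED sample in the feed's layout (placeholder CVE IDs and dates).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "example",
    "dateReleased": "2026-06-10T12:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Google", "product": "Chromium V8",
         "vulnerabilityName": "Placeholder V8 out-of-bounds write",
         "dateAdded": "2026-06-22", "dueDate": "2026-07-06",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Lantronix", "product": "EDS5000",
         "vulnerabilityName": "Placeholder OS command injection",
         "dateAdded": "2026-06-05", "dueDate": "2026-06-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "SolarWinds", "product": "Serv-U",
         "vulnerabilityName": "Placeholder directory traversal",
         "dateAdded": "2024-07-17", "dueDate": "2024-08-07",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# CONSTRUCTED inventory rows, as a CMDB export might look after normalisation.
SAMPLE_INVENTORY = [
    {"host": "ws-014", "vendor": "Google", "product": "Chrome"},
    {"host": "plc-gw-02", "vendor": "Lantronix", "product": "EDS5000 serial gateway"},
    {"host": "ftp-01", "vendor": "SolarWinds", "product": "Serv-U FTP"},
    {"host": "db-07", "vendor": "PostgreSQL", "product": "PostgreSQL"},
]

# Product naming drifts between the catalog and inventories (KEV says
# "Chromium V8" where a CMDB says "Chrome"); extend this ASSUMED map for your data.
PRODUCT_ALIASES = {"chrome": "chromium"}


def fetch_kev(url: str = KEV_FEED_URL, timeout: int = 30) -> list[dict]:
    """Download the live catalog. Not called by the offline demo below."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)["vulnerabilities"]


def load_kev(text: str) -> list[dict]:
    return json.loads(text)["vulnerabilities"]


def _tokens(text: str) -> set[str]:
    # Lower-case alphanumeric tokens of two or more characters, alias-normalised,
    # so "Serv-U FTP" and "Serv-U" share "serv" without a lone "u" matching anything.
    toks = {t for t in re.split(r"[^a-z0-9]+", text.lower()) if len(t) >= 2}
    return {PRODUCT_ALIASES.get(t, t) for t in toks}


def product_matches(kev_product: str, inventory_product: str) -> bool:
    return bool(_tokens(kev_product) & _tokens(inventory_product))


def triage(kev_entries: list[dict], inventory: list[dict], today: str, soon_days: int = 7) -> list[dict]:
    """Return one finding per (asset, KEV entry) pair, earliest due date first,
    with status OVERDUE / DUE_SOON / OPEN relative to `today` (ISO date)."""
    now = date.fromisoformat(today)
    findings = []
    for asset in inventory:
        for entry in kev_entries:
            if asset["vendor"].lower() != entry["vendorProject"].lower():
                continue
            if not product_matches(entry["product"], asset["product"]):
                continue
            due = date.fromisoformat(entry["dueDate"])
            if due < now:
                status = "OVERDUE"
            elif due - now <= timedelta(days=soon_days):
                status = "DUE_SOON"
            else:
                status = "OPEN"
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "product": entry["product"],
                "dueDate": entry["dueDate"],
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                "status": status,
            })
    findings.sort(key=lambda f: (f["dueDate"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in triage(load_kev(SAMPLE_KEV_JSON), SAMPLE_INVENTORY, today="2026-06-24"):
        print(f"{f['status']:<9} {f['dueDate']} {f['cveID']:<14} {f['host']:<10} {f['product']}")
```

Matching on vendor plus token overlap is deliberately loose: a missed match is far more expensive than a false one that an analyst dismisses in seconds, and vendor/product naming in the catalog rarely matches a CMDB exactly. Swap `load_kev(SAMPLE_KEV_JSON)` for `fetch_kev()` to run against the live feed.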

Critical OS Command Injection in Lantronix EDS5000 Series

CVE-2025-67038 is a critical OS command injection vulnerability affecting Lantronix EDS5000 series serial-to-Ethernet device servers. An unauthenticated remote attacker can achieve root-level system compromise by injecting arbitrary shell commands via the username parameter. With a CVSS score of 9.8 and confirmed active exploitation in the wild, the flaw enables full device takeover and potential lateral movement into sensitive industrial or management networks. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal remediation by June 26, 2026.
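The bug class here is CWE-78: a request parameter reaches a shell command string unchanged. The code below is an added example and is not Lantronix firmware or anything from the advisory; both handlers are hypothetical stand-ins for a device login path that only ever run `echo`, so the injection is shown harmlessly, and the access-log lines are constructed. It pairs the vulnerable pattern with a hardened handler and a log check for the same parameter.

```python
"""Unauthenticated OS command injection through a 'username' parameter:
the vulnerable pattern, a hardened handler, and a log check (added example).

Nothing here is Lantronix firmware or advisory code. Both handlers are
HYPOTHETICAL stand-ins for a device's login path and only run `echo`;
the access-log lines are CONSTRUCTED.
"""
import re
import subprocess
from urllib.parse import unquote_plus


def login_vulnerable(username: str) -> str:
    """CWE-78: the untrusted value is spliced into a shell command string.
    A quote closes the literal and ';' ends the intended command, so whatever
    follows runs with the process's privileges (root on many embedded devices)."""
    cmd = f"echo 'Welcome {username}'"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def login_hardened(username: str) -> str:
    """Allowlist the value, then call the program with an argv list and no shell,
    so the name stays a single argument whatever characters it contains."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username outside allowed character set")
    out = subprocess.run(["echo", f"Welcome {username}"], capture_output=True, text=True)
    return out.stdout


# Shell metacharacters that should never appear in a username.
SHELL_META = re.compile(r"[;&|`$<>\n]")


def flag_suspicious_logins(log_lines) -> list[tuple[int, str]]:
    """Return (line_no, decoded username) for requests whose username parameter
    carries shell metacharacters after one round of URL decoding."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r"[?&]username=([^&\s\"]+)", line)
        if not m:
            continue
        value = unquote_plus(m.group(1))
        if SHELL_META.search(value):
            hits.append((n, value))
    return hits


# CONSTRUCTED web-server access log: a normal login and an injection attempt.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [10/Jun/2026:09:14:02 +0000] "POST /login?username=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jun/2026:09:15:44 +0000] "POST /login?username=%27%3Bid%3B%27 HTTP/1.1" 200 740',
]

# A payload of the same shape as the logged one, using only echo so the demo is harmless.
INJECTION_PAYLOAD = "'; echo INJECTED; echo '"

if __name__ == "__main__":
    print(login_vulnerable(INJECTION_PAYLOAD))      # "INJECTED" appears: the injected command ran
    print(login_hardened("alice"), end="")
    try:
        login_hardened(INJECTION_PAYLOAD)
    except ValueError as e:
        print("hardened handler:", e)
    print(flag_suspicious_logins(SAMPLE_ACCESS_LOG))
```

The allowlist and the argv-list call are independent defences: keep both, since a later relaxation of the regex should not reopen the shell. The log check is a triage aid, not a detection of compromise; a device that is already listed in KEV should be assumed exploited if it was reachable and unpatched.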

APT28 Exploitation of Edge Device Vulnerabilities and EOL Hardware

Russian-linked threat actor APT28 is targeting network edge devices, including VPN concentrators, firewalls, and gateways, to establish persistence beyond the reach of host-based controls such as EDR and to bypass MFA. By exploiting vulnerabilities in unpatched or end-of-life (EOL) firmware, the group builds attack chains through the perimeter that standard endpoint monitoring never observes, since these appliances run no endpoint agent. The campaign focuses on US federal agencies and critical infrastructure, creating high-risk entry points into cyber-physical systems (CPS). CISA advisory AA26-097A mandates remediation: unsupported edge hardware must be patched where a fix exists and replaced where it does not, because an EOL device that can no longer be patched is a permanent attack surface.

EO 14409: CISA and Federal Mandates for Frontier Model and Agentic AI Security

Executive Order 14409 mandates a bifurcated security architecture for artificial intelligence, distinguishing between voluntary private-sector frameworks and classified benchmarks for federal deployments. The mandate specifically targets frontier models and agentic AI systems, introducing rigorous security testing standards and monitoring protocols for autonomous agents. A critical "Accountability Gap" exists between voluntary CISA-managed clearinghouse participation and the stringent requirements for federal agency procurement. This shift compels contractors and critical infrastructure operators to implement standardized security testing and agentic AI monitoring to align with emerging federal security postures and avoid compliance-driven procurement exclusion.

CISA Adds SolarWinds Serv-U Vulnerability CVE-2024-28995 to KEV Catalog

CVE-2024-28995 is a high-severity path traversal vulnerability in SolarWinds Serv-U (versions 15.4.2 HF 1 and earlier) that lets an unauthenticated remote attacker read arbitrary files the Serv-U process can access. The flaw sits in the BuildLocalPath method, which fails to validate the InternalDir and InternalFile parameters, so a crafted GET request carrying directory-traversal sequences escapes the intended directory. With exploitation confirmed from both automated scanners and hands-on threat actors, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on July 17, 2024. Upgrade to 15.4.2 HF 2 immediately; for any exposed server, assume files readable by the service may already have been exfiltrated and review request logs for those two parameters.
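The defect pattern is a path built from request parameters without checking where the canonical result lands. The code below is an added example, not SolarWinds code: build_local_path_unsafe() is a hypothetical reconstruction of the bug class (the page names the method and the two parameters, not their internals), WEB_ROOT is an assumed document root, and the request-log lines are constructed. It shows the unsafe join beside a canonicalising fix and a log scan that also catches double-encoded traversal.

```python
"""Path traversal through directory/file request parameters: the unsafe
path-building pattern, a canonicalising fix, and a request-log check
(added example).

Not SolarWinds code. build_local_path_unsafe() is a HYPOTHETICAL
reconstruction of the bug class; WEB_ROOT and the request lines are
CONSTRUCTED.
"""
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

WEB_ROOT = "/opt/serv-u/client"   # ASSUMED document root for the illustration


def build_local_path_unsafe(internal_dir: str, internal_file: str, root: str = WEB_ROOT) -> str:
    """Joins and normalises the segments but never checks the result against
    the root, so a leading '/../../..' walks out of it."""
    return os.path.normpath(f"{root}/{internal_dir}/{internal_file}")


# A '..' segment in either POSIX or Windows separator style.
_DOTDOT_SEGMENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def build_local_path_safe(internal_dir: str, internal_file: str, root: str = WEB_ROOT) -> str:
    """Reject hostile segments, canonicalise (symlinks included), then require
    the canonical path to still lie under the canonical root."""
    for part in (internal_dir, internal_file):
        # Backslashes are refused outright: on Windows hosts they are separators,
        # and os.path on a POSIX build would otherwise treat '..\\x' as a plain name.
        if "\x00" in part or "\\" in part or _DOTDOT_SEGMENT.search(part):
            raise PermissionError("rejected path segment")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, internal_dir.strip("/"), internal_file))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError("path escapes document root")
    return candidate


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding (%252e -> %2e -> '.') so a double-encoded
    traversal is judged on what the file system would finally see."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_requests(log_lines) -> list[tuple[int, str, str]]:
    """Return (line_no, InternalDir, InternalFile) for requests whose parameters
    build_local_path_safe() would refuse, i.e. traversal attempts."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query)
        d = decode_fully(params.get("InternalDir", [""])[0])
        f = decode_fully(params.get("InternalFile", [""])[0])
        if not (d or f):
            continue
        try:
            build_local_path_safe(d, f)
        except PermissionError:
            hits.append((n, d, f))
    return hits


# CONSTRUCTED access-log lines: a normal request, a plain traversal and a
# double-encoded one.
SAMPLE_REQUESTS = [
    '198.51.100.7 - - [17/Jul/2024:10:02:11 +0000] "GET /?InternalDir=Common&InternalFile=Help.htm HTTP/1.1" 200 2048',
    '198.51.100.7 - - [17/Jul/2024:10:02:12 +0000] "GET /?InternalDir=/../../../../etc&InternalFile=passwd HTTP/1.1" 200 1812',
    '198.51.100.7 - - [17/Jul/2024:10:02:13 +0000] "GET /?InternalDir=%252e%252e%252f%252e%252e%252fetc&InternalFile=hosts HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    print(build_local_path_unsafe("/../../../../etc", "passwd"))   # /etc/passwd: escaped the root
    print(build_local_path_safe("Common", "Help.htm"))
    for hit in scan_requests(SAMPLE_REQUESTS):
        print("traversal attempt:", hit)
```

The containment check is done on realpath() output of both root and candidate, so a symlink inside the root that points outside it is also refused; a purely lexical check (normpath plus a prefix test) would miss that. When scanning real logs, feed the scanner the access log from the time the vulnerable version was exposed, not only from the day the KEV entry appeared.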

U.S. Administration: Voluntary AI Model Cybersecurity Testing Framework

The Trump administration is implementing a "defensive acceleration" framework under which frontier AI developers voluntarily provide 30-day pre-release access to new models for classified benchmarking. Managed by a multi-agency coalition including CISA, the NSA, and the Treasury, the initiative establishes an AI Cybersecurity Clearinghouse to scan for vulnerabilities and coordinate remediation. The strategy aims to mitigate AI-driven offensive cyber capabilities and harden critical infrastructure, specifically healthcare, finance, and utilities, via Binding Operational Directives (BODs) and automated, agentic defensive tooling, focusing on the critical 1.6% of exploitable vulnerabilities.

Perimeter Collapse: The Erosion of Trust in Edge Gateway Architectures

The traditional "castle-and-moat" security model is undergoing a systemic collapse as edge gateways transition from defensive bastions to high-value primary targets. As recurring critical vulnerabilities in VPN and edge appliances expose the inherent fragility of network-centric trust, organizations must pivot toward identity-based Zero Trust Architectures to mitigate this growing architectural erosion.

US Congress Probes AI-Driven Cyber-Physical Threats to Critical Infrastructure

The US House Homeland Security Subcommittee is investigating the escalation of AI-driven cyber-physical threats targeting critical infrastructure. Adversaries are deploying agentic AI to automate vulnerability discovery and execute autonomous attack chains, drastically reducing the time-to-exploit for ICS/OT environments to under 24 hours. Technical vectors include AI-generated polymorphic malware that bypasses signature-based EDR and deepfake-driven authentication bypass targeting critical personnel. These capabilities enable the transition from data exfiltration to kinetic disruption of power grids and water systems. Legislative efforts, specifically the "Great American AI Act" (Obernolte-Trahan), seek to establish federal guardrails and a new Center for AI Standards and Innovation (CAISI) to counter these rapid-cycle exploitation threats.
