CyberSecurity news

FlagThis - #cisa

@zdnet.com //
Federal cybersecurity agencies, including the FBI and CISA, have issued an urgent advisory regarding the escalating threat of Medusa ransomware. Since its emergence in 2021, Medusa has targeted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing. The group's activities have accelerated in recent months, prompting immediate action recommendations for organizations. Medusa operates as a Ransomware-as-a-Service (RaaS) model, now recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.

Medusa actors leverage common ransomware tactics, including phishing campaigns and exploiting unpatched software vulnerabilities. They employ a double extortion strategy by encrypting victim data and threatening to publicly release it if the ransom is not paid. To mitigate the risk, CISA and the FBI recommend organizations update systems regularly to close known vulnerabilities, implement network segmentation to restrict lateral movement, and enable multi-factor authentication for all services. They also urge organizations to report incidents promptly to aid in tracking and combating the growing threat.

Recommended read:
References :
  • bsky.app: CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month.
  • www.bleepingcomputer.com: CISA: Medusa ransomware hit over 300 critical infrastructure orgs
  • securityonline.info: FBI, CISA, and MS-ISAC Warn Organizations About Medusa Ransomware Attacks
  • DataBreaches.Net: #StopRansomware: Medusa Ransomware
  • Industrial Cyber: US exposes Medusa ransomware threat, as over 300 organizations targeted across critical infrastructure sector
  • securityaffairs.com: SecurityAffairs article: Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
  • www.cybersecuritydive.com: Medusa ransomware slams critical infrastructure organizations
  • www.itpro.com: CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
  • www.tripwire.com: The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
  • : FBI and CISA Warn of Medusa Ransomware Impacting Critical Infrastructure
  • bsky.app: CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month.
  • The DefendOps Diaries: Explore the impact of Medusa ransomware on critical infrastructure and learn strategies to enhance cybersecurity defenses.
  • www.scworld.com: Medusa ransomware, a ransomware-as-a-service group, has increased attacks targeting critical infrastructure, potentially preparing for geopolitical conflicts. Recent attacks indicate a 150% increase in this activity.
  • Tenable Blog: Tenable article: Cybersecurity Snapshot: Medusa Ransomware Impacting Critical Infrastructure, CISA Warns, While NIST Selects New Quantum-Resistant Algorithm
  • SOC Prime Blog: SOC Prime blog: Medusa Ransomware Attacks Covered in AA25-071A Detection
  • be4sec: Medusa Ransomware is Targeting Critical Infrastructure
  • be4sec: This advisory summarizes the key activities of prominent ransomware groups in January 2025, highlighting a significant increase in Medusa attacks.
  • aboutdfir.com: Medusa ransomware group has been actively targeting critical infrastructure organizations, employing a double extortion tactic.
  • www.techradar.com: US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
  • cyble.com: The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a well-timed advisory on the Medusa ransomware group last week, as Cyble has detected an acceleration in the group’s activities in recent months.
  • Email Security - Blog: Medusa Ransomware: Multi-Industry Threat on the Rise
  • techxplore.com: Cybersecurity officials warn against potentially costly Medusa ransomware attacks
  • Security | TechRepublic: Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware
  • eSecurity Planet: Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory
  • Blue Team Con: CISA and the FBI warn about Medusa ransomware, urging organizations to update security, enable MFA, and report incidents to mitigate the growing threat.
  • thecyberexpress.com: Medusa Ransomware Surge: 60 Victims in 3 Months—Are You Next?
  • www.zdnet.com: How to guard against a vicious Medusa ransomware attack - before it's too late
  • www.cysecurity.news: The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a #StopRansomware advisory, warning organizations about the increasing threat of Medusa ransomware.
  • Sam Bent: Cybercriminal Group Medusa Targets Critical Infrastructure Sectors A sophisticated cybercriminal group known as Medusa has been targeting many critical infrastructure sectors in the United States.
  • The Hacker News: Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
  • www.cybersecuritydive.com: Medusa ransomware using malicious driver as EDR killer

do son@Daily CyberSecurity //
The Medusa ransomware operation has significantly impacted critical infrastructure sectors, affecting over 300 organizations in the United States by February 2025. According to CISA, these attacks have targeted essential services across various industries, including medical, education, legal, insurance, technology, and manufacturing. This widespread impact highlights the vulnerability of critical infrastructure and the potential for severe disruptions. The healthcare sector has been a primary target, with ransom demands ranging from $100,000 to $15 million, potentially disrupting patient care and compromising sensitive data.

Educational institutions have also been significantly affected, with 21 attacks reported in February 2025 alone. These attacks disrupt academic activities and compromise personal information of students and staff. In response, CISA, in partnership with the FBI and MS-ISAC, released a joint Cybersecurity Advisory providing tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity. The advisory encourages organizations to ensure operating systems and software are up to date, segment networks to restrict lateral movement, and filter network traffic to prevent unauthorized access.

Recommended read:
References :
  • Industrial Cyber: Recent findings from Symantec indicate a significant rise in Medusa ransomware activity, which is reportedly being operated as...
  • securityaffairs.com: Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024.
  • : Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
  • Broadcom Software Blogs: Attacks using this ransomware have displayed consistent TTPs and grown steadily since 2023.
  • bsky.app: CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month.
  • The DefendOps Diaries: Medusa Ransomware: A Growing Threat to Critical Infrastructure
  • RedPacket Security: CISA: CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware
  • gbhackers.com: Medusa Ransomware Hits 300+ Critical Infrastructure Organizations Worldwide
  • securityonline.info: FBI, CISA, and MS-ISAC Warn Organizations About Medusa Ransomware Attacks
  • www.bleepingcomputer.com: CISA: Medusa ransomware hit over 300 critical infrastructure orgs
  • securityaffairs.com: Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
  • Industrial Cyber: US exposes Medusa ransomware threat, as over 300 organizations targeted across critical infrastructure sector
  • www.itpro.com: CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
  • CyberInsider: FBI: Medusa Ransomware Has Breached 300 Critical Infrastructure Organizations
  • www.tripwire.com: The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released - with at least one organisation hit with a "triple-extortion" threat. Read more in my article on the Tripwire State of Security blog.
  • Resources-2: On March 12, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on Medusa ransomware [1]. Medusa ransomware emerged as Ransomware-as-a-Service in June 2021 and gained infamy by compromising over 300 victims from critical infrastructure sectors, including healthcare, insurance, technology, manufacturing, legal, and technology.
  • : CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure
  • www.cybersecuritydive.com: The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.
  • The Register - Security: Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
  • DataBreaches.Net: #StopRansomware: Medusa Ransomware
  • hackread.com: FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware
  • Talkback Resources: #StopRansomware: Medusa Ransomware | CISA [net] [mal]
  • Tenable Blog: Cybersecurity Snapshot: Medusa Ransomware Impacting Critical Infrastructure, CISA Warns, While NIST Selects New Quantum-Resistant Algorithm
  • SOC Prime Blog: Medusa Ransomware Detection: The FBI, CISA & Partners Warn of Increasing Attacks by Ransomware Developers and Affiliates Against Critical Infrastructure
  • www.itpro.com: CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted

@csoonline.com //
Recent reports have surfaced indicating that the US government ordered a temporary halt to offensive cyber operations against Russia, a decision that has stirred considerable debate and concern within the cybersecurity community. According to an exclusive report, Defense Secretary Pete Hegseth instructed U.S. Cyber Command (CYBERCOM) to suspend all planning against Moscow, including offensive digital actions. The directive, delivered to CYBERCOM chief Gen. Timothy Haugh, appears to be part of a broader effort by the White House to normalize relations with Russia amid ongoing negotiations regarding the war in Ukraine.

The decision to pause cyber operations has been met with skepticism and warnings from cybersecurity professionals, who fear the potential consequences of reducing vigilance against a known digital adversary. Concerns have been raised about potential increases in global cyber threats and a decrease in shared confidence in the U.S. as a defensive partner. However, the Cybersecurity and Infrastructure Security Agency (CISA) has denied these reports, labeling them as fake news and a danger to national security. CISA also noted that Russia has been at the center of numerous cybersecurity concerns for the U.S.

Recommended read:
References :
  • bsky.app: DHS says CISA will not stop monitoring Russian cyber threats
  • The Register - Security: US Cyber Command reportedly pauses cyberattacks on Russia
  • Anonymous ???????? :af:: US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged.
  • securityboulevard.com: Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia
  • www.bitdefender.com: Stop targeting Russian hackers, Trump administration orders US Cyber Command
  • www.csoonline.com: US Cybercom, CISA retreat in fight against Russian cyber threats: reports
  • Carly Page: The US has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
  • Metacurity: US Cybercom, CISA are softening stances on Russia as a cyber foe: reports
  • Zack Whittaker: The U.S. has reportedly suspended its offensive cyber operations against Russia, per multiple news outlets, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
  • securityaffairs.com: CISA maintains stance on Russian cyber threats despite policy shift
  • CyberInsider: CISA Denies Reports That It Has Halted Cyber Operations Against Russian Threats
  • iHLS: U.S. Pauses Cyber Operations Against Russia

Mandvi@Cyber Security News //
CISA has added three critical Ivanti Endpoint Manager (EPM) flaws to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. The affected vulnerabilities are CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161. These flaws are absolute path traversal vulnerabilities that could allow remote, unauthenticated attackers to fully compromise vulnerable servers, potentially granting unauthorized access to sensitive information. Federal agencies have been given until March 31, 2025, to apply the necessary patches and mitigate these threats.

CISA urges all organizations, including those in the private sector, to prioritize timely remediation of these Ivanti EPM vulnerabilities. Security experts warn that delays in patching can lead to full domain compromise, credential theft, and lateral movement by malicious actors. Given the recent history of Ivanti vulnerabilities, proactive security measures and rapid patching are essential to defend against potential attacks. The large market share of Ivanti products makes them a prime target for malicious actors, emphasizing the importance of immediate patching and continuous hardening of systems.

Recommended read:
References :
  • BleepingComputer: CISA tags critical Ivanti EPM flaws as actively exploited in attacks
  • : CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities
  • www.scworld.com: 3 Ivanti flaws added to CISA list of known exploited vulnerabilities
  • The DefendOps Diaries: Addressing Critical Vulnerabilities in Ivanti Endpoint Manager
  • www.cybersecuritydive.com: CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild
  • Cyber Security News: CISA Adds 3 Ivanti Endpoint Manager Flaws to Exploited Vulnerabilities Catalog

Juan Perez@Tenable Blog //
The Ghost (Cring) ransomware group, known for exploiting vulnerabilities in software and firmware, remains a significant threat as of January 2025. A joint cybersecurity alert from the FBI, CISA, and other partners warns the global cyber defender community of increasing attacks from this financially motivated group. CISA issued a joint advisory on February 19, 2025, emphasizing the group's ongoing activity.

The Ghost (Cring) ransomware first appeared in early 2021 and has impacted organizations across more than 70 countries by compromising vulnerable, internet-facing services. Security measures such as patching known vulnerabilities and implementing basic infosec actions are crucial in defending against these attacks. The SOC Prime Platform has curated Sigma rules to help detect Ghost (Cring) ransomware activity.

Recommended read:
References :
  • SecureWorld News: The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide.
  • Tenable Blog: Rapid7 discusses Ghost Ransomware group targeting known Vulns.
  • aboutdfir.com: The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions.
  • Resources-2: Picus Security provides Ghost (Cring) Ransomware Analysis, Simulation, and Mitigation.
  • socprime.com: Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain
  • SOC Prime Blog: The FBI, CISA, and partners have recently issued a joint cybersecurity alert warning the global cyber defender community of increasing Ghost (Cring) ransomware attacks aimed at financial gain.
  • thecyberexpress.com: A Ghost ransomware group also referred to as Cring, has been actively exploiting vulnerabilities in software and firmware as recently as January 2025.
  • Security Boulevard: [CISA AA25-050A] #StopRansomware: Ghost (Cring) Ransomware
  • www.attackiq.com: CISA AA25-050A] #StopRansomware: Ghost (Cring) Ransomware
  • industrialcyber.co: CISA, FBI, MS-ISAC warn of Ghost ransomware
  • aboutdfir.com: The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and
  • securebulletin.com: Secure Bulletin provides an analysis of tactics, targets, and techniques used by Ghost Ransomware.
  • Secure Bulletin: Securebulletin article on Ghost Ransomware
  • The Register - Security: Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
  • cyble.com: FBI-CISA Ghost Ransomware Warning Shows Staying Power of Old Vulnerabilities
  • aboutdfir.com: News article covering the joint advisory from CISA and the FBI on the Ghost/Cring ransomware.

Pierluigi Paganini@Security Affairs //
CISA has added multiple vulnerabilities in Advantive VeraCore to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The five flaws impact both Advantive VeraCore and Ivanti Endpoint Manager (EPM) with agencies being urged to apply patches by March 31, 2025.

The VeraCore vulnerabilities, CVE-2024-57968 and CVE-2025-25181, are being exploited by the XE Group, a Vietnamese threat actor, to deploy reverse shells and web shells for persistent remote access. CVE-2024-57968 is an unrestricted file upload vulnerability, while CVE-2025-25181 is an SQL injection vulnerability. There are currently no public reports about how the three Ivanti EPM flaws are being weaponized in real-world attacks.

Recommended read:
References :
  • securityaffairs.com: U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog
  • The Hacker News: CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
  • Talkback Resources: CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List [exp] [ics]
  • www.scworld.com: Advantive VeraCore, Ivanti EPM flaws added to CISA vulnerabilities catalog
  • cyble.com: CISA Adds Five New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog

Jessica Lyons@The Register - Software //
The FBI and CISA have jointly issued an advisory urging software developers to eliminate buffer overflow vulnerabilities, labeling them "unforgivable defects." These agencies highlighted the continued presence of such vulnerabilities in products from major vendors like Microsoft and VMware. The advisory emphasizes the need for developers to adopt secure-by-design practices and memory-safe programming languages to prevent these flaws.

The agencies pointed out several recent buffer overflow vulnerabilities, including those found in Microsoft's Hyper-V, Ivanti's Connect Secure, and VMware's vCenter. These vulnerabilities, if exploited, could lead to privilege escalation, remote code execution, and full system access. The advisory stresses that buffer overflows are avoidable by using updated coding practices and safe languages. They also call on manufacturers to implement compile-time and runtime protections, conduct thorough testing, and analyze the root cause of past vulnerabilities to prevent future occurrences.

Recommended read:
References :
  • The Register - Software: Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities
  • Information Security Buzz: CISA and FBI warn of threats exploiting buffer overflow vulnerabilities.
  • : CISA and FBI release a joint Secure by Design Alert on eliminating buffer overflow vulnerabilities.
  • industrialcyber.co: CISA, FBI urge manufacturers to eliminate buffer overflow vulnerabilities with secure-by-design practices
  • ciso2ciso.com: CISA, FBI call software with buffer overflow issues ‘unforgivable’ – Source: www.csoonline.com
  • Talkback Resources: US govt wants developers to stop coding 'unforgivable' bugs [app] [exp]
  • Tenable Blog: Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat
  • cyble.com: FBI, CISA Urge Memory-Safe Practices for Software Development
  • securityonline.info: Buffer Overflows Vulnerabilities: CISA & FBI Issue Urgent Warning

@thecyberexpress.com //
US cybersecurity agencies, CISA and the FBI, have issued warnings regarding the active exploitation of four critical vulnerabilities within Ivanti Cloud Service Appliances (CSA). These flaws, designated as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380, are being leveraged by Chinese state-sponsored actors to breach vulnerable networks. The agencies released detailed technical information, including indicators of compromise (IOCs), highlighting that attackers are using two primary exploit chains to gain unauthorized access, execute arbitrary code, and implant webshells on victim systems.

Specifically, one exploit chain combines CVE-2024-8963, CVE-2024-8190, and CVE-2024-9380, while the other uses CVE-2024-8963 along with CVE-2024-9379. These vulnerabilities affect Ivanti CSA versions 4.6x before 519, and versions 5.0.1 and below for CVE-2024-9379 and CVE-2024-9380. Notably, CSA version 4.6 is end-of-life and does not receive security patches, making it particularly susceptible. The agencies urge organizations to apply patches promptly and implement robust security measures to defend against these active threats, further highlighting the speed at which disclosed vulnerabilities are weaponized.

Recommended read:
References :
  • ciso2ciso.com: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
  • Pyrzout :vm:: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation
  • www.bleepingcomputer.com: CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.
  • thecyberexpress.com: Four Critical Ivanti CSA Vulnerabilities Exploited—CISA and FBI Urge Mitigation
  • www.helpnetsecurity.com: Report on Cisco's fixes for ClamAV vulnerability and a critical Meeting Management flaw.
  • www.scworld.com: Ivanti CSA exploit chains examined in joint CISA, FBI advisory
  • : CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
  • ciso2ciso.com: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know – Source: www.securityweek.com
  • Pyrzout :vm:: Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks  – Source:cyble.com #'Cyber
  • securityonline.info: CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory
  • securityonline.info: CISA and FBI Warn of Exploited Ivanti CSA Vulnerabilities in Joint Security Advisory
  • ciso2ciso.com: Anatomy of an Exploit Chain: CISA, FBI Detail Ivanti CSA Attacks

Ashish Khaitan@The Cyber Express //
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog to include critical vulnerabilities affecting VMware ESXi, Workstation, Fusion, and Linux kernel. These flaws are actively being exploited, posing a significant risk, particularly for federal government organizations. Rapid patching is essential to mitigate the active cyber threats associated with these vulnerabilities.

The identified VMware vulnerabilities, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow for remote code execution (RCE) and privilege escalation. Specifically, CVE-2025-22224 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability with a CVSSv3 score of 9.3, classified as Critical. The affected systems include various versions of VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform, with updated versions available to address the flaws.

Recommended read:
References :

Sam Bent@Sam Bent //
CISA has issued a warning to U.S. federal agencies regarding a critical vulnerability, CVE-2024-48248, in NAKIVO's Backup & Replication software. This flaw, an absolute path traversal bug, could allow attackers to access sensitive files, potentially compromising configuration files, backups, and credentials. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Agencies are urged to apply necessary mitigations by April 9, 2025.

The vulnerability, affecting versions prior to 10.11.3.86570, was discovered by watchTowr Labs, who also published a proof-of-concept exploit. Successful exploitation could allow an unauthenticated attacker to read arbitrary files on the target host via the "/c/router" endpoint. NAKIVO addressed the issue in November 2024 with version v11.0.0.88174. CISA's directive underscores the need for federal agencies to promptly patch the flaw to secure their networks against potential data exposure.

Recommended read:
References :
  • Sam Bent: CISA Urges Federal Agencies to Patch NAKIVO Backup & Replication Flaw, Raising Security Concerns
  • www.bleepingcomputer.com: CISA tags NAKIVO backup flaw as actively exploited in attacks

Pierluigi Paganini@Security Affairs //
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.

These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying necessary updates.

Recommended read:
References :
  • Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
  • thecyberexpress.com: CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
  • cyble.com: Overview The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
  • Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]