惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
P
Palo Alto Networks Blog
T
ThreatConnect
Apple Machine Learning Research
Apple Machine Learning Research
博客园_首页
T
True Tiger Recordings
P
Privacy & Cybersecurity Law Blog
B
Blog
IT之家
IT之家
Last Week in AI
Last Week in AI
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
C
Comments on: Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
N
News and Events Feed by Topic
NISL@THU
NISL@THU
腾讯CDC
雷峰网
雷峰网
Security Latest
Security Latest
李成银的技术随笔
M
Microsoft Research Blog - Microsoft Research
L
LangChain Blog
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Check Point Blog
Y
Y Combinator Blog
Recent Announcements
Recent Announcements
博客园 - Franky
N
News | PayPal Newsroom
V
V2EX
A
About on SuperTechFans
The Register - Security
The Register - Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
MyScale Blog
MyScale Blog
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
WordPress大学
WordPress大学
C
Cyber Attacks, Cyber Crime and Cyber Security
The Hacker News
The Hacker News
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
爱范儿
爱范儿
A
Arctic Wolf
L
LINUX DO - 最新话题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

Security Affairs

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch Microsoft issues YellowKey mitigation, no patch yet Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free A malicious VS code extension just breached GitHub ‘s internal repositories DirtyDecrypt: PoC Released for yet another Linux flaw Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash Drupal is rolling out an emergency security update on May 20. You cannot miss it Microsoft dismantled malware-signing network Fox Tempest Poland shifts away from Signal following cyberattacks on officials’ accounts Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects Shai-Hulud worm copycats emerge after source code leak Grafana confirms GitHub token breach cybercrime group claims the attack ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945 Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945 SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97 Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog Russian APT Turla builds long-term access tool with Kazuar Botnet evolution OpenAI hit by supply chain attack linked to malicious TanStack packages Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day Ghostwriter group resumes attacks on Ukrainian Government targets Researchers uncover YellowKey and GreenPlasma Windows Zero-Days Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog Linux Kernel bug Fragnesia allows local root access attacks Broadcom releases VMware Fusion security update for root access bug NGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to light FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign Nitrogen Ransomware claims massive data theft from Foxconn Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming OpenLoop Health confirms January 2026 Data breach affecting 716,000 Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations Instructure settles with hackers following massive student data theft Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator Hackers accessed BWH Hotels reservation system for months The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor WannaCry, the ransomware attack that changed the history of cybersecurity Android banking Trojan TrickMo evolves using TON network for C2 Identity security firm SailPoint discloses GitHub repository breach Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits Crimenetwork returns after takedown, dismantled again by German authorities U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog Instagram removed end-to-end encryption for DMs. What should users do? New cPanel vulnerabilities could allow file access and remote code execution Official JDownloader site served malware to Windows and Linux users between May 6 and May 7 SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96 Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence Braintrust security incident raises concerns over AI supply chain risks RansomHouse says it breached Trellix and exposes internal systems Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog Cisco patches high-severity flaws enabling SSRF, code execution attacks From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap After 17 years, Gavril Sandu extradited to U.S. for hacking scheme Iranian cyber espionage disguised as a Chaos Ransomware attack Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE Palo Alto Networks PAN-OS flaw exploited for remote code execution Malicious PyTorch Lightning update hits AI supply chain security U.S. court sentences Karakurt ransomware negotiator to 8.5 years Vimeo confirms breach via third-party vendor impacts 119K users Critical Android vulnerability CVE-2026-0073 fixed by Google Microsoft warns of global campaign stealing auth tokens from 35K users Educational tech firm Instructure data breach may have impacted 9,000 schools MOVEit automation flaws could enable full system compromise Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog AI speeds flaw discovery, forcing rapid updates, UK NCSC warns Bluekit phishing kit enables automated phishing with 40+ templates and AI tools Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95 U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling Trellix discloses the breach of a code repository New Deep#Door RAT uses stealth and persistence to target Windows Digital attacks drive a new wave of cargo theft, FBI says Carding service Jerry’s Store leak exposes 345,000 stolen payment cards Anthropic launches Claude Security to counter rapid AI-Powered exploits SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now Copy Fail: New Linux bug enables Root via page‑cache corruption Agent’s claims on WhatsApp access spark security concerns Meta accused of violating DSA by failing to safeguard minors Large-scale Roblox hacking operation shut down by Ukrainian authorities CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure Internet censorship index reveals Russia’s lead and widespread content blocking
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
2026-04-08 · via Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile that allows attackers to achieve unauthenticated remote code execution. 

Below is the list of affected versions:

Product Name Affected Version(s) Affected CPE(s) Resolved Version(s) 
Ivanti Endpoint Manager Mobile 12.5.0.0 and prior 12.6.0.0 and prior 12.7.0.0 and prior cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:* RPM 12.x.0.x  
Ivanti Endpoint Manager Mobile 12.5.1.0 and prior 12.6.1.0 and prior cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.1.0:*:*:*:*:*:*:*   RPM 12.x.1.x 

The software firm is aware of attacks in the wild exploiting this flaw.

“We are aware of a very limited number of customers who have been exploited at the time of disclosure. However, a POC was made available by a third party shortly after disclosure.” warns the company. “We urge all customers to apply the patch as soon as possible and run the Exploitation Detection RPM package as a tool to assist in identifying potential compromise.”

The company released a new RPM detection tool that helps customers check for possible exploitation by scanning for known indicators and generating logs for review. Any suspicious activity before patching may indicate compromise and requires investigation, while alerts after patching are likely just harmless scanning attempts.

The company pointed out that running the RPM tool alone doesn’t guarantee the appliance is clean. It helps detect known indicators of compromise, but absence of findings isn’t proof of safety. Results should be reviewed with the security team and combined with other analysis and tools.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by April 11, 2026.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。