Known Exploited Vulnerabilities and counting....

A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.

Cybersecurity Brief: May 23, 2026

Critical Infrastructure Exposure and Federal Supply Chain Risks

Independent reporting has revealed that a contractor supporting the Cybersecurity and Infrastructure Security Agency (CISA) exposed a significant cache of sensitive data, highlighting persistent vulnerabilities in the federal cybersecurity supply chain. The incident underscores a fundamental challenge facing government agencies: while internal security controls may be robust, the extended perimeter created by third-party contractors and service providers often represents the weakest link in the security architecture. This exposure at an agency specifically tasked with protecting critical infrastructure raises concerns about oversight mechanisms and the practical implementation of zero-trust principles across contractor relationships.

High-Severity Cisco Vulnerability and Active Threats

Cisco has issued an urgent warning for a critical 10.0 CVSS-rated vulnerability affecting Secure Workload, granting administrative access to potential attackers. The maximum severity rating indicates the flaw likely allows unauthenticated remote code execution or complete system compromise. Separately, threat actors are actively abusing internal Microsoft online services to conduct spam campaigns, exploiting trusted infrastructure to bypass email security filters. Meanwhile, Russian President Putin has appointed a cybersecurity specialist with documented ties to Rostec and alleged connections to GRU-linked Fancy Bear operations to a senior position, signaling continued state investment in offensive cyber capabilities. These developments reflect the persistent threat landscape facing both enterprise and government networks.

Sources: HSToday · The Insider · CISO Series

Woman Looking at Computer Screen

CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.

Search Known Exploits

Search for CVEs by vendor or product to identify known exploited vulnerabilities in your environment

Loading vendors and products...

Upcoming Patch Due Dates

via Binding Operational Directive 22-01

(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.

Loading...

News Logo

Cyber Security News

You may have missed...


📌 Pinned

*

https:betanews.comMar 5

Inside a cyberattack: How hackers steal data

The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...

https://theins.pressMay 23

Putin appoints Rostec cybersecurity specialist linked to GRU hackers from Fancy Bear ... - The Insider

Kozlov comes from cybersecurity structures linked to the state defense corporation Rostec and, according to leaked data, held a classified security .....

https://stocktwits.comMay 22

Over 30% Of Bitcoin Supply Faces Quantum Exposure Risk - Stocktwits

Quantum-computing stocks rallied in pre-market trade on Thursday, reviving debate around Bitcoin's (BTC) long-term security model and putting ...

https://www.nsa.govMay 22

Decoding a Nation: 250 Years of American Secrets

Cold War Ciphers: Experience the tension of the Cold War era with the Fortezza crypto card, a cutting-edge relic from a time when technology was ...

https://sg.finance.yahoo.comMay 22

Crypto and Blockchain Stocks Positioned for Long-Term Growth - Yahoo Finance

Popular cryptocurrencies such as Bitcoin and Ether operate on blockchain networks that rely on advanced cryptography and software to maintain a secure...

https://www.theregister.comMay 22

Jailbroken Gemini helped Russian-speaking fraudster target MAGA crypto users - The Register

... crypto wallets. Hey, Gemini ... "We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI's VP of AI security ...

https://www.tronweekly.comMay 23

Massive GitHub Breach 2026: Web3 Security Alert

A GitHub breach exposed private repositories used by Web3 developers, with hackers claiming to have stolen data from 4,000 private repositories contai...

https://www.privacyguides.orgMay 22

NYC Health + Hospitals Breach Exposes Medical Data and Biometric Information for 1.8 Million People

The New York public healthcare system disclosed one of the largest recorded breaches of 2026, with hackers stealing personal and medical data along wi...

https://krebsonsecurity.comMay 23

Lawmakers Demand Answers as CISA Tries to Contain Data Leak - Krebs on Security

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after ...


Updated daily