Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Cybersecurity Brief: May 23, 2026
Critical Infrastructure Exposure and Federal Supply Chain Risks
Independent reporting has revealed that a contractor supporting the Cybersecurity and Infrastructure Security Agency (CISA) exposed a significant cache of sensitive data, highlighting persistent vulnerabilities in the federal cybersecurity supply chain. The incident underscores a fundamental challenge facing government agencies: while internal security controls may be robust, the extended perimeter created by third-party contractors and service providers often represents the weakest link in the security architecture. This exposure at an agency specifically tasked with protecting critical infrastructure raises concerns about oversight mechanisms and the practical implementation of zero-trust principles across contractor relationships.
High-Severity Cisco Vulnerability and Active Threats
Cisco has issued an urgent warning for a critical 10.0 CVSS-rated vulnerability affecting Secure Workload, granting administrative access to potential attackers. The maximum severity rating indicates the flaw likely allows unauthenticated remote code execution or complete system compromise. Separately, threat actors are actively abusing internal Microsoft online services to conduct spam campaigns, exploiting trusted infrastructure to bypass email security filters. Meanwhile, Russian President Putin has appointed a cybersecurity specialist with documented ties to Rostec and alleged connections to GRU-linked Fancy Bear operations to a senior position, signaling continued state investment in offensive cyber capabilities. These developments reflect the persistent threat landscape facing both enterprise and government networks.
Sources: HSToday · The Insider · CISO Series
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor or product to identify known exploited vulnerabilities in your environment
Upcoming Patch Due Dates
via Binding Operational Directive 22-01
(BOD) 22-01 is a directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) in the United States to federal agencies and federal contractors in order to improve their cybersecurity practices. It provides a set of guidelines and requirements that these agencies and contractors must follow to increase their defenses against cyber threats.
Loading...
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
Iranian Hackers Using Fake Job Sites to Breach Defense Firms - GovInfoSecurity
Hackers nudged victims into downloading malicious survey files or bundled job application documents embedded with malware, which in some cases were .....
Iranian Hackers Using Fake Job Sites to Breach Defense Firms - BankInfoSecurity
Researchers generally haven't seen evidence of cyberwar from Tehran nation-state hackers although Iranian cyber proxies quickly swung into action with...
Hacker breaks into Hartford HealthCare user accounts, accessing 22500 people's info
— Hartford HealthCare's payment accounts on the HUSKY provider portal website were hacked in March, as a criminal accessed the personal information of...
Police boast of hacking VPN where criminals "believed themselves to be safe"
European law enforcement say they hacked into a VPN (virtual private network) service used for ransomware attacks and other crimes, and identified ...
Putin appoints Rostec cybersecurity specialist linked to GRU hackers from Fancy Bear ... - The Insider
Kozlov comes from cybersecurity structures linked to the state defense corporation Rostec and, according to leaked data, held a classified security .....
Over 30% Of Bitcoin Supply Faces Quantum Exposure Risk - Stocktwits
Quantum-computing stocks rallied in pre-market trade on Thursday, reviving debate around Bitcoin's (BTC) long-term security model and putting ...
Decoding a Nation: 250 Years of American Secrets
Cold War Ciphers: Experience the tension of the Cold War era with the Fortezza crypto card, a cutting-edge relic from a time when technology was ...
Crypto and Blockchain Stocks Positioned for Long-Term Growth - Yahoo Finance
Popular cryptocurrencies such as Bitcoin and Ether operate on blockchain networks that rely on advanced cryptography and software to maintain a secure...
Updated daily
