CISA Adds FortiOS Vulnerability to KEV Catalog – 6-25-25 – https://tinyurl.com/3mpfmhm5 #KEV #CISA #FortiGuard

So here's a dumb question. Does CVE-2025-33053 actually affect Apache #mod_dav after all?

#CISA #KEV seems to be implying this: "This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows."

Like, is it a protocol bug, or a product bug? The CVE only lists Microsoft products as affected.

#CISA added the Erlang/OTP and RoundCube bugs to the #KEV today.

@runZeroInc already has queries for both of these -- the Erlang/OTP one since April. rZ users should be well ahead of this today.

https://www.runzero.com/blog/erlang-otp-ssh/

https://www.runzero.com/blog/roundcube-webmail/

CISA Adds ZKTeco BioTime Vulnerability to KEV Catalog – 5-19-25 – https://tinyurl.com/ms84fzjp #CISA #KEV #ZKTeco

CISA Adds FortiGuard Vulnerability to KEV Catalog – 5-14-25 – Stack-based buffer overflow in five FortiGuard product lines – https://tinyurl.com/ye5m9b7x #KEV #FortiGuard

#CISA posts up a passel of new KEVs, completely blowing through the k-rad 1337 count.

Technically, it looks like CVE-2025-32709 is the winrar of Most LEET Bug on #KEV.

#CISA se carga el feed RSS del #KEV y dice que si tal lo puedes seguir en Twitter 🤬

https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications

Un recordatorio más de no basar la gestión de vulnerabilidades en una organización estatal.

#CISA adds CVE-2025-47729 to the #KEV -- which is for the crazy hacked up version of Signal used by high-ranking US government officials.

Wowzo. That's something.

https://www.cve.org/CVERecord?id=CVE-2025-47729

#CISA ends RSS for #KEV. Sigh.

UPDATE: No they didn't! H/t @ntkramer

"Update May 13: In an effort to enhance user experience and highlight the most timely and actionable information for cyber defenders, CISA announced a shift in how we share cybersecurity alerts and advisories. We recognize this has caused some confusion in the cyber community. As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders."

https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications

CISA Adds 2 GeoVision Vulnerabilities to KEV Catalog – 5-7-25 – OS command injection vulnerabilities initially reported in June and November 2024 – Affected products are EOL no mitigation measures are available – https://tinyurl.com/3c6jfhsb #KEV #CISA

CISA Adds SonicWall Vulnerability to KEV Catalog – 5-1-25 – https://tinyurl.com/yb4dsuuk #KEV #SonicWall

CISA Adds Broadcom Vulnerability to KEV Catalog – 4-28-25 – Code injection vulnerability in Brocade Fabric OS – Not yet clear what OT/IoT assets may be affected –https://tinyurl.com/38wswk3a #KEV

📰cyberlights💥 week 17 out now! I had a hard time choosing from all the #infosec news. the entry got a little longer than usual 👉https://infosec.press/wrzlbrmpfts-cyberlights/cyberlights-week-17-2025

my fav this week is quite geeky, but discovering a bug because of "previously undefined behavior" is kinda cool 🫙 https://cookieplmonster.github.io/2025/04/23/gta-san-andreas-win11-24h2-bug/

a little sidenote: no new entries into CISA's #kev database. that does not happen very often. 🥸

I wrote a Discord bot to monitor for CVEs being mentioned in chat, and then it will fetch the details and post it back to chat.

It also has a feature to monitor for new KEV notifications and send them to a dedicated channel

Collab with me. Use it. Abuse it. What ever ya want!

https://github.com/mauvehed/kevvy

#CVSS #CVE #KEV #CISA #Vulnerabilties #Discord

CISA Adds SonicWall Vulnerability to KEV Catalog – 4-16-25 – Vulnerability initially reported on 2021 (and fixed) now being exploited in the wild – https://tinyurl.com/5n6p3fw7 #KEV #SonicWind

Los recortes en #CISA a pesar de ser una agencia americana posiblemente terminen teniendo un impacto negativo en la #ciberseguridad global.

Por ejemplo el #KEV que mantienen (un catálogo de vulnerabilidades que se sabe que se están explotando por el mundo adelante) es una joya de cara a hacer una gestión de vulnerabilidades efectiva.

Otra cosa es que tengamos que quitarnos esa dependencia y buscar alternativas propias (además de ser conscientes de que no nos avisarán de las que exploten ellos, evidentemente), pero perder esa fuente va a hacer mucho daño a corto.

https://www.theregister.com/2025/04/08/cisa_cuts_threat_intel/

Want to know the top ten #CWEs in CISA’s “Known Exploited Vulnerabilities (#KEV) Catalog”?

The “2024 CWE Top 10 KEV Weaknesses” list is now available on the CWE website!

List - https://cwe.mitre.org/top25/archive/2024/2024_kev_list.html
Key Insights - https://cwe.mitre.org/top25/archive/2024/2024_kev_insights.html
Methodology - https://cwe.mitre.org/top25/archive/2024/2024_kev_methodology.html

CISA Adds Edimax IP-camera Vulnerability to KEV Catalog – 3-19-25 – https://tinyurl.com/2esdfdp9 #KEV #CISA

@alvar @FITKOfoederal

Das gilt auch, und nicht nur für

1. #FOSS
2. #AI Modelle
3. #CVE #databases
4. #kev https://www.cisa.gov/known-exploited-vulnerabilities-catalog #CISA ist bereits unter Beschuss
5. #tor https://www.opentech.fund/ auch unter Beschuss

Wir können uns eigentlich nur noch auf reine #FOSS Modelle verlassen, und selbst das wird schwer, weil einige Communities gespalten sind.

Für alle, die jetzt noch gut schlafen konnten.