Aggregator

You must login to view this content

You must login to view this content

Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic. The financial impact of these threats continues to grow. Estimated consumer and business losses in the United States tied to malware, scams, and ad-borne fraud exceeded $12.5 billion in 2025. Exposure also remains … More →

The post That attractive online ad might be a malware trap appeared first on Help Net Security.

Cyberattacks linked to Iranian threat actors are taking on a new and alarming form in the ongoing Middle East conflict. Since late February 2026, a coordinated campaign to compromise internet-connected IP cameras has been underway across multiple countries in the region, raising serious concerns about how cyber operations are being actively used to support physical […]

The post Threat Actors Intensify Targeting of IP Cameras Across Middle East Amid Ongoing Conflict appeared first on Cyber Security News.

You must login to view this content

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
• CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
• CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
• CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
• CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.