While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in particular, has captured the attention of infosec professionals due to its similarity to CVE-2023-4966, aka CitrixBleed. Consequently, CVE-2025-5777 has been informally dubbed “CitrixBleed 2” by security researcher Kevin Beaumont. Both CitrixBleed and CitrixBleed … More →
The post CitrixBleed 2 might be actively exploited (CVE-2025-5777) appeared first on Help Net Security.
Germany’s data protection authorities have escalated their scrutiny of Chinese artificial intelligence applications, with Berlin’s data protection commissioner Meike Kamp formally requesting Apple and Google to review and potentially remove DeepSeek from their respective app stores. The move, announced on June 27, 2025, represents a significant regulatory challenge for the popular AI chatbot that has […]
The post Germany Urges Apple, Google to Block Chinese AI App DeepSeek Over Privacy Rules appeared first on Cyber Security News.
Glasgow City Council has issued an urgent warning to residents about a sophisticated parking fine scam that has emerged amid ongoing cybersecurity concerns affecting the city’s digital infrastructure. The fraudulent scheme targets motorists through text messages and emails claiming they owe parking fines, with criminals leveraging the current security incident to add credibility to their […]
The post Glasgow City Warns of Parking Fine Scam as Cyber Security Incident Continues appeared first on Cyber Security News.
You must login to view this content
Get details on the newly released Legit MCP Server.
The post Meet Legit MCP: AI-Powered Security That Works Where Your Team Works appeared first on Security Boulevard.
Today, CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored or affiliated threat actors.
Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events. These cyber actors often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures or the use of default or common passwords on internet-connected accounts and devices.
At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, CISA, FBI, DC3, and NSA strongly urge critical infrastructure asset owners and operators to implement the mitigations recommended in the joint Fact Sheet, which include:
Review the joint Fact Sheet: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest and act now to understand the Iranian state-backed cyber threat, assess and mitigate cybersecurity weaknesses, and review and update incident response plans to strengthen your network against malicious cyber actors.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.