CISA
CISA confirms Linux kernel flaw exploited in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a high-severity privilege escalation vulnerability in the Linux kernel, known as CVE-2024-1086, is now being exploited by ransomware gangs. The flaw, a use-after-free issue in the netfilter: nf_tables component, was introduced in February 2014 and patched in January 2024. It affects major Linux distributions including Debian, Ubuntu, Fedora, and Red Hat.
F5 breach creates imminent threat to thousands of networks
Networking software firm F5 disclosed a long-term breach of its systems this week, prompting a federal warning about risks to thousands of networks. A nation-state hacking group is believed to be behind the intrusion, which involved stealing source code. The US government highlighted dangers to its own operations and Fortune 500 companies.
CISA warns of exploited high-severity Windows SMB flaw
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity vulnerability in Windows SMB that is now being exploited in attacks. Windows users are urged to update their systems immediately to mitigate the risk. The alert emphasizes the need for prompt action against this security threat.
CISA adds Oracle and other flaws to exploited vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added vulnerabilities from Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft Internet Explorer to its Known Exploited Vulnerabilities catalog. This action requires federal agencies to address these flaws by October 27, 2025, to mitigate risks from ongoing exploits. Among the additions is a critical Oracle vulnerability recently patched after exploitation by ransomware actors.