10 changes Priority review, last 7 days

CISA Cybersecurity Proposed Rule Comments

The Cybersecurity and Infrastructure Security Agency (CISA) has posted comments from the Bristol Bay Native Corporation regarding a proposed rule. This submission is part of the public consultation period for new cybersecurity regulations.

Priority review Consultation Cybersecurity

V8 in Chrome Vulnerable to Code Execution

CISA has added a vulnerability in Google Chrome's V8 engine to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVE-2026-3910) allows remote code execution, and federal agencies are required to patch by March 13, 2026.

Priority review Notice Cybersecurity

Google Chrome Skia Out-of-Bounds Write Vulnerability

CISA has added a known exploited vulnerability, CVE-2026-3909, affecting Google Chrome versions prior to 146.0.7680.75. This vulnerability allows remote attackers to perform out-of-bounds memory access via a crafted HTML page. Agencies are directed to apply mitigations by March 13, 2026.

Priority review Notice Cybersecurity

CISA Adds Two Exploited Vulnerabilities to KEV Catalog

CISA has added two new vulnerabilities, CVE-2026-3909 and CVE-2026-3910, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities per Binding Operational Directive (BOD) 22-01.

Priority review Notice Cybersecurity

CISA: Ignition Software Vulnerable to Code Execution

CISA issued an advisory for Inductive Automation Ignition Software versions prior to 8.3.0, identifying a deserialization vulnerability (CVE-2025-13913) that could allow remote code execution. Users are recommended to upgrade to version 8.3.0 or later.

Priority review Notice Cybersecurity

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

Priority review Notice Cybersecurity

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added an SSRF vulnerability (CVE-2021-22054) affecting VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog. This vulnerability may allow a malicious actor to gain access to sensitive information.

Priority review Notice Cybersecurity

Siemens Heliox EV Chargers Vulnerability Advisory

CISA has issued an advisory regarding a vulnerability in Siemens Heliox EV Chargers that could allow unauthorized access. Siemens has released updated versions and recommends immediate updates to mitigate the risk.

Priority review Notice Cybersecurity

Siemens SIDIS Prime Vulnerabilities Advisory

CISA has issued an advisory regarding multiple vulnerabilities in Siemens SIDIS Prime versions prior to V4.0.800, affecting components like OpenSSL, SQLite, and Node.js packages. Siemens recommends updating to the latest version to address these high-severity issues.

Priority review Notice Cybersecurity

Siemens RUGGEDCOM APE1808 Devices Vulnerabilities

CISA has issued an advisory regarding multiple vulnerabilities affecting Siemens RUGGEDCOM APE1808 devices. These vulnerabilities, related to HTTP request smuggling and authentication bypass, have been assigned high CVSS scores. Siemens recommends updating to the latest version to address these security risks.

Priority review Notice Cybersecurity
