US-Cert Current Activity

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.”  The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received.

CISA encourages organizations to review the following FBI Public Service Announcement for more information:

• Mail Scam Targeting Corporate Executives Claims Ties to Ransomware

 Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870. 

CISA released three Industrial Control Systems (ICS) advisories on March 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-065-01 Hitachi Energy PCU400
• ICSA-25-065-02 Hitachi Energy Relion 670/650/SAM600-IO
   
• ICSA-25-037-02 Schneider Electric EcoStruxure (Update A)
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released eight Industrial Control Systems (ICS) advisories on March 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-063-01 Carrier Block Load
• ICSA-25-063-02 Keysight Ixia Vision Product Family
• ICSA-25-063-03 Hitachi Energy MACH PS700
• ICSA-25-063-04 Hitachi Energy XMC20
• ICSA-25-063-05 Hitachi Energy UNEM/ECST
• ICSA-25-063-06 Delta Electronics CNCSoft-G2
• ICSA-25-063-07 GMOD Apollo
• ICSA-25-063-08 Edimax IC-7100 IP Camera 

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability
• CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability
• CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
• CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability
• CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
• CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
• CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
• CVE-2024-4885 Progress WhatsUp Gold Path Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released two Industrial Control Systems (ICS) advisories on February 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers
   
• ICSMA-25-058-01 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released two Industrial Control Systems (ICS) advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-056-01 Rockwell Automation PowerFlex 755
   
• ICSMA-25-030-01 Contec Health CMS8000 Patient Monitor (Update A)
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
• CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability
• CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released eight Industrial Control Systems (ICS) advisories on February 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-051-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
• ICSA-25-051-02 ABB FLXEON Controllers
• ICSA-25-051-03 Carrier Block Load
• ICSA-25-051-04 Siemens SiPass Integrated
• ICSA-25-051-05 Rapid Response Monitoring My Security Account App
• ICSA-25-051-06 Elseta Vinci Protocol Analyzer
   
• ICSA-24-291-03 Mitsubishi Electric CNC Series (Update A)
   
• ICSMA-25-051-01 Medixant RadiAnt DICOM Viewer

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-23209 Craft CMS Code Injection Vulnerability
• CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.

Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.

CISA encourages network defenders to review this advisory and apply the recommended mitigations. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including added recommended baseline protections.

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability
• CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released two Industrial Control Systems (ICS) advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-191-01 Delta Electronics CNCSoft-G2 (Update A)
• ICSA-25-035-02 Rockwell Automation GuardLogix 5380 and 5580 (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

•     CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released twenty Industrial Control Systems (ICS) advisories on February 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-044-01 Siemens SIMATIC S7-1200 CPU Family
• ICSA-25-044-02 Siemens SIMATIC
• ICSA-25-044-03 Siemens SIPROTEC 5
• ICSA-25-044-04 Siemens SIPROTEC 5
• ICSA-25-044-05 Siemens SIPROTEC 5 Devices
• ICSA-25-044-06 Siemens RUGGEDCOM APE1808 Devices
• ICSA-25-044-07 Siemens Teamcenter
• ICSA-25-044-08 Siemens OpenV2G
• ICSA-25-044-09 Siemens SCALANCE W700
• ICSA-25-044-10 Siemens Questa and ModelSim
• ICSA-25-044-11 Siemens APOGEE PXC and TALON TC Series
• ICSA-25-044-12 Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
• ICSA-25-044-13 Siemens SIMATIC PCS neo and TIA Administrator
• ICSA-25-044-14 Siemens Opcenter Intelligence
• ICSA-25-044-15 ORing IAP-420
• ICSA-25-044-16 mySCADA myPRO Manager
• ICSA-25-044-17 Outback Power Mojave Inverter
• ICSA-25-044-18 Dingtian DT-R0 Series
   
• ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products (Update C)
   
• ICSMA-25-044-01 Qardio Heart Health IOS and Android Application and QardioARM A100

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability
• CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. “Eliminating Buffer Overflow Vulnerabilities” describes proven techniques to prevent or mitigate buffer overflow vulnerabilities through secure by design principles and best practices.

Buffer overflow vulnerabilities are a prevalent type of defect in memory-safe software design that can lead to system compromise. These vulnerabilities can lead to data corruption, sensitive data exposure, program crashes, and unauthorized code execution. Threat actors frequently exploit these vulnerabilities to gain initial access to an organization’s network and then move laterally to the wider network.

CISA and FBI urge manufacturers review the Alert and, where feasible, eliminate this class of defect by developing new software using memory-safe languages, using secure by design methods, and implementing the best practices supplied in this Alert. CISA and FBI also urge software customers demand secure products from manufacturers that include these preventions. Visit CISA’s Secure by Design Pledge page to learn about our voluntary pledge, which focuses on enterprise software products and services—including on-premises software, cloud services, and software as a service (SaaS).

CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability
• CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
• CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
• CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.