CISA’s secure-software buying tool had a simple XSS vulnerability of its own
A researcher who discovered the vulnerability said it was fixed in December, after he first reported it to the agency in September.
Advertisement
Showing 10 of 806 results
-
(Pixabay) Government -
Cybersecurity What’s powering the ‘Steroid Era’ of cybercrime?
Adam Myers, Head of Counter Adversary Operations at CrowdStrike, and Elia Zaitsev, CTO of CrowdStrike
-
Sean Plankey, of Pennsylvania, responds to questioning during Senate Committee on Homeland Security and Governmental Affairs hearings to examine his nomination to be Director of the Cybersecurity and Infrastructure Security Agency, of the Department of Homeland Security, in the Dirksen Senate office building, in Washington, DC, on Wednesday July 24, 2025. (Mattie Neretin/CNP/Sipa USA) Government Sean Plankey re-nominated to lead CISA
President Donald Trump resubmitted his nomination Tuesday after it stalled in the Senate last year.
-
Rep. Andy Ogles, R-Tenn., speaks to reporters before attending an afternoon Republican caucus meeting at the U.S. Capitol on Sep. 29, 2023. (Photo by Chip Somodevilla/Getty Images) Geopolitics Hill warning: Don’t put cyber offense before defense
A House hearing weighed the pros and cons from the Trump administration and some lawmakers to step up cyber offensive operations.
-
(Getty Images) Government Time to restore America’s cyberspace security system
China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support […]
-
Abstract binary code rippling on waving ribbons. (Getty Images) Cybersecurity MongoBleed defect swirls, stamping out hope of year-end respite
The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database.
-
Cisco logo sits illuminated at MWC Barcelona on February 28, 2022. (David Ramos/Getty Images) Threats Cisco customers hit by fresh wave of zero-day attacks from China-linked APT
Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November.
-
Binary code depicted in waves. (iStock/Getty Images) Cybercrime React2Shell fallout spreads to sensitive targets as public exploits hit all-time high
Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE ever.
-
(Getty Images) Cybersecurity Outgoing GAO chief warns of ‘taking our foot off the gas’ at CISA
-
Chairman of the House Committee on Homeland Security U.S. Rep. Andrew Garbarino, R-N.Y., talks to Secretary of Homeland Security Kristi Noem prior to a hearing in the Cannon House Office Building on Dec. 11, 2025. (Photo by Anna Moneymaker/Getty Images) Policy Key lawmaker says Congress likely to kick can down road on cyber information sharing law
House Homeland Security Chairman Andrew Garbarino, R-N.Y., also discussed Salt Typhoon, regulations and the cyber workforce Tuesday.