CISA
CISA Kills the Flat KEV Deadline: BOD 26-04 Starts a Three-Day Patch Clock
BOD 26-04 revokes BOD 22-01 and 19-02, replacing flat KEV due dates with risk-tiered deadlines: three days plus mandatory forensic triage for internet-facing, automatable, total-control flaws.
CISA and the FBI Warn: Internet-Exposed Fuel Tank Gauges Are Under Active Attack
A June 2 joint advisory from CISA, the FBI, the NSA and five other agencies says attackers are compromising internet-exposed automatic tank gauge systems and modifying them through command execution. Shadowserver counts over 1,000 exposed, 909 in the US — on the same TCP port these consoles have answered on for a decade.
The 'Private-CISA' Leak: A Contractor Left GovCloud Keys and Artifactory Creds Public on GitHub for Six Months
A CISA contractor's public GitHub repo exposed AWS GovCloud admin keys, internal Artifactory credentials, and plaintext passwords to dozens of agency systems for roughly six months.
CISA AA26-097A: CyberAv3ngers Exploit Rockwell PLCs Across US Water, Energy, and Government Systems
Six US agencies issue joint advisory after Iranian-affiliated CyberAv3ngers compromise Rockwell Allen-Bradley PLCs in water, energy, and government sectors, manipulating SCADA displays and control logic.
CVE-2026-4681: CVSS 10.0 Deserialization RCE in PTC Windchill Has German Police Knocking on Doors
A maximum-severity deserialization flaw in PTC Windchill and FlexPLM (CVE-2026-4681, CVSS 10.0) prompted German federal police to physically visit companies and wake up sysadmins. No patch yet. Here's what you need to know.
CVE-2026-1579: Critical PX4 Autopilot Flaw Gives Attackers Full Drone Control via MAVLink
CISA advisory for CVE-2026-1579 reveals a CVSS 9.8 authentication bypass in PX4 Autopilot that lets unauthenticated attackers gain shell access to drones over MAVLink.