Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations. The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks. The initiative is part of its Ransomware Vulnerability Warning Pilot (RVWP) program which launched this year. The US Agency is sharing this information […]

CISA BlueHammer (CVE-2026-33825)

CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations.

The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks.

The initiative is part of its Ransomware Vulnerability Warning Pilot (RVWP) program which launched this year.

The US Agency is sharing this information in its known exploited vulnerabilities (KEV) catalog, which now integrates an additional attribute titled “known to be used in ransomware campaigns.” For present vulnerabilities and all future to be added to the catalog, this column indicates whether CISA is aware  that a vulnerability has been associated with ransomware. 

“Today, we are pleased to announce some new resources added to the RVWP. Through the RVWP, CISA determines vulnerabilities that are commonly associated with known ransomware exploitation and warns critical infrastructure entities with those vulnerabilities, helping to enable mitigation before a ransomware incident occurs.” reads the advisory. “Now, all organizations have access to this information in our known exploited vulnerabilities (KEV) catalog as we added a column titled, “known to be used in ransomware campaigns.” For present vulnerabilities and all future to be added to the catalog, this column indicates whether CISA is aware  that a vulnerability has been associated with ransomware.”

CISA ransomware

CISA also published a list of misconfigurations and weaknesses known to be exploited in ransomware attacks. This list will guide organizations to quickly identify services known to be used by ransomware threat actors so they can implement mitigations or compensating controls.

“This list provides information on weaknesses and misconfigurations that are commonly exploited by threat actors in ransomware campaigns. This list is different from the KEV catalog as it contains information not CVE based.” reads the announcement.

The list includes an attribute titled “Cyber Performance Goal (CPG),” which recommends actions that organizations can take to mitigate the risk of exposure to attacks exploiting the misconfiguration/weakness.

CISA states that the RVWP program allowed the identification of more than 800 vulnerable systems to date. Vulnerable systems were hosted in the networks of organizations in the energy, education facilities, healthcare and public health, and water systems industries.

“While we encourage all organizations to take action today to reduce their risk to ransomware by reviewing the revised KEV catalog and list of misconfigurations and weaknesses, CISA continues work to shift the responsibility of secure software from the customer to software manufacturers and make products Secure by Design.” concludes the announcement.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, RVWP)