CISA adds another GitLab vulnerability to the KEV catalog

Some vulnerabilities have to wait longer than others before they are actively exploited. Considerably more time had to pass before the SSRF vulnerability in GitLab tracked as CVE-2021-39935 was added by CISA to its catalog of actively exploited vulnerabilities (KEV). That is a much longer interval than for the previously described vulnerability, which also affects version control servers. As a reminder,...

Sekurak


#WBiegu #Cisa #Cve #Ssrf

https://sekurak.pl/cisa-dodaje-kolejna-luke-w-gitlab-do-katalogu-kev/


CISA has updated the KEV catalogue, and Microsoft is the winner.

- CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21514

- CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21519

- CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21533

- CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21510

- CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21525

- CVE-2026-21513: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21513

More:

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication https://www.cisa.gov/news-events/news/cisa-releases-guide-help-critical-infrastructure-users-adopt-more-secure-communication

The guide: https://www.cisa.gov/resources-tools/resources/barriers-secure-ot-communication-why-johnny-cant-authenticate

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #Microsoft #vulnerability
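A practical follow-up to a KEV update like the one above is to cross-reference the catalog against your own scanner output and sort by remediation deadline. The script below is an added example, not code from the post or from CISA. The real catalog is published as JSON at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; the KEV excerpt and the scan export embedded here are constructed for illustration, using only CVE IDs named in the posts above plus one deliberately invalid placeholder ID, and the dateAdded/dueDate values are assumptions, not the real catalog entries.

```python
"""Cross-reference a vulnerability-scan export against a CISA KEV feed.

Added example. The JSON schema (cveID, vendorProject, product,
vulnerabilityName, dateAdded, requiredAction, dueDate,
knownRansomwareCampaignUse) follows the public KEV feed, but every entry
and date below is constructed for this example.
"""
import json
from datetime import date

# Constructed KEV excerpt. Dates are assumptions, not CISA's actual values.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "catalogVersion": "example",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2021-39935", "vendorProject": "GitLab", "product": "GitLab",
         "vulnerabilityName": "GitLab Server-Side Request Forgery Vulnerability",
         "dateAdded": "2026-01-25", "requiredAction": "Apply vendor updates.",
         "dueDate": "2026-02-15", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-21514", "vendorProject": "Microsoft", "product": "Office Word",
         "vulnerabilityName": "Microsoft Office Word Reliance on Untrusted Inputs "
                              "in a Security Decision Vulnerability",
         "dateAdded": "2026-02-10", "requiredAction": "Apply vendor updates.",
         "dueDate": "2026-03-03", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-21519", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Type Confusion Vulnerability",
         "dateAdded": "2026-02-10", "requiredAction": "Apply vendor updates.",
         "dueDate": "2026-03-03", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-21533", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows Improper Privilege Management Vulnerability",
         "dateAdded": "2026-02-10", "requiredAction": "Apply vendor updates.",
         "dueDate": "2026-03-03", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner export: one row per (host, CVE) finding.
# CVE-1900-0001 is an intentionally invalid placeholder that is not in KEV.
SCAN_EXPORT = [
    {"host": "web-01", "cve": "CVE-2021-39935"},
    {"host": "web-01", "cve": "CVE-2026-21514"},
    {"host": "ws-07", "cve": "CVE-2026-21519"},
    {"host": "ws-07", "cve": "CVE-1900-0001"},
]


def load_kev(feed_text):
    """Parse KEV JSON and index the entries by CVE ID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def kev_findings(scan_rows, kev_index, today_iso):
    """Return scan findings that appear in KEV, most urgent first.

    today_iso is an ISO date string so the caller controls the clock
    (useful for tests and for replaying past states of the catalog).
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for row in scan_rows:
        entry = kev_index.get(row["cve"])
        if entry is None:
            continue  # exploited-in-the-wild status unknown; not a KEV hit
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        findings.append({
            "host": row["host"],
            "cve": row["cve"],
            "name": entry["vulnerabilityName"],
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
        })
    # Negative days_left (already overdue) sorts first; ties broken by host.
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))


def overdue_hosts(findings):
    """Hosts carrying at least one KEV entry past its due date."""
    return {f["host"] for f in findings if f["overdue"]}


if __name__ == "__main__":
    index = load_kev(KEV_JSON)
    for f in kev_findings(SCAN_EXPORT, index, "2026-02-20"):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:8} {f['cve']:16} due {f['due']}  {flag}")
```

Run against the real feed by replacing KEV_JSON with the downloaded file contents; the dueDate field is what turns a KEV match into a dated remediation item rather than just another scanner finding.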

𝙏𝙝𝙧𝙚𝙖𝙩 𝙈𝙤𝙙𝙚𝙡: 𝘾𝙮𝙗𝙚𝙧𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮
𝘧𝘰𝘳 Feb. 10th, 2026
𝘣𝘺 𝘪𝘯𝘥𝘦𝘱𝘦𝘯𝘥𝘦𝘯𝘵 𝘫𝘰𝘶𝘳𝘯𝘢𝘭𝘪𝘴𝘵 @violetblue

- #Discord alternatives (ranked) to its doomed new age-check policy after losing age-check data in a huge hack

- US states are scrambling for #electionsecurity solutions after #CISA abandons them

- Horrific reports of #AI surgery disasters

- Trauma tips for surviving 2026

- A rage check tool to see if you’re being deliberately provoked online

- How to check claims of extraterrestrial life

- Apparently US #redteams have poor standards

...and much more.

* 𝙏𝙝𝙧𝙚𝙖𝙩 𝙈𝙤𝙙𝙚𝙡 𝘪𝘴 𝘧𝘳𝘦𝘦 𝘵𝘰 𝘳𝘦𝘢𝘥 -- 𝘱𝘭𝘦𝘢𝘴𝘦 𝘩𝘦𝘭𝘱 𝘬𝘦𝘦𝘱 𝘪𝘵 𝘢𝘤𝘤𝘦𝘴𝘴𝘪𝘣𝘭𝘦 𝘵𝘰 𝘢𝘭𝘭 𝘣𝘺 𝘣𝘦𝘤𝘰𝘮𝘪𝘯𝘨 𝘢 𝘱𝘢𝘵𝘳𝘰𝘯, 𝘦𝘷𝘦𝘯 $1/𝘮𝘰𝘯𝘵𝘩 𝘮𝘢𝘬𝘦𝘴 𝘢 𝘥𝘪𝘧𝘧𝘦𝘳𝘦𝘯𝘤𝘦 *

https://www.patreon.com/posts/cybersecurity-10-150379364

#ThreatModel #ThreatModelCybersecurity #ThreatModelNewsletters #VioletBlue #infosec #cybersec #CovidIsNotOver

Odd that CISA would put this up after the Super Bowl - and written by the acting director, no less. It reads like a commercial.

CISA: Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships https://www.cisa.gov/news-events/news/super-bowl-lx-strengthening-preparation-building-resilience-fostering-partnerships

On a more serious note, CISA has added one industrial vulnerability to the ever-expanding catalogue: https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps #CISA #infosec #vulnerability

We spend billions on firewalls and zero-trust architecture, only to be undone by a copy-paste command by someone who should know better. The U.S. cyber defense chief "accidentally" feeding classified intelligence to an unsecured version of ChatGPT is the ultimate reminder that the greatest vulnerability in any system is the person using it. Technology is outpacing our muscle memory. When a tool feels like a helpful colleague, we treat it like one—forgetting that LLMs are basically giant, permanent digital sponges. If the person in charge of the nation's digital shield can trip over the AI threshold, your team probably is too.

🧠 Convenience is the enemy of confidentiality
⚡ Your data is the product, even in a chat box
🎓 Policy without automated guardrails is just a wish
🔍 The UI is designed to make you forget the risks

https://arstechnica.com/tech-policy/2026/01/us-cyber-defense-chief-accidentally-uploaded-secret-government-info-to-chatgpt/
#CyberSecurity #ArtificialIntelligence #Leadership #security #privacy #cloud #infosec #CISA

US cyber defense chief accidentally uploaded secret government info to ChatGPT

Congress recently grilled the acting chief on mass layoffs and a failed polygraph.

Ars Technica

837 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of January 26, 2026

https://www.cisa.gov/news-events/bulletins/sb26-033

#cve #cveid #cvss #cwe #vulnerabilitymanagement #vulnerability #hssedi #cisa

CISA orders federal agencies to replace end-of-life edge devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers.

BleepingComputer

Senator, who has repeatedly warned about secret US #GovernmentSurveillance, sounds new alarm over ‘#CIA activities’

by Zack Whittaker, February 6, 2026

Excerpt: "In 2011, #RonWyden said that the U.S. government was relying on a secret interpretation of the #PatriotAct, which he said — without disclosing the nature of his concerns — created a 'gap between what the public thinks the law says and what the American government secretly thinks the law says.'

"Two years later, then-#NSA contractor #EdwardSnowden revealed that the National Security Agency was relying on its secret interpretation of the Patriot Act to force U.S. phone companies, including Verizon, to turn over the call records of hundreds of millions of Americans on an ongoing basis.

"Since then, Wyden has sounded the alarm on how the U.S. government collects the contents of people’s communications; revealed that the Justice Department barred Apple and Google from disclosing that federal authorities had been secretly demanding the contents of their customers’ push notifications; and said that an unclassified report that #CISA has refused to release contains 'shocking details' about national security threats facing U.S. phone companies.

"As noted by Techdirt’s Mike Masnick, we may not know yet why Wyden sounded the siren about the CIA’s activities, but every time Wyden has warned, he has also been vindicated."

Full article:
https://techcrunch.com/2026/02/06/senator-who-has-repeatedly-warned-about-secret-u-s-government-surveillance-sounds-new-alarm-over-cia-activities/

#USPol #Fascism #Authoritarianism #SilencingDissent #Spying #USCitizens #WarrantlessSurveillance

Senator, who has repeatedly warned about secret US government surveillance, sounds new alarm over 'CIA activities' | TechCrunch

The two-line letter to the CIA's director is the latest warning in recent years from a long-serving Democratic senator with knowledge of secret government programs and intelligence operations.

TechCrunch

CISA pushes Federal agencies to retire end-of-support edge devices

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months.

Security Affairs