This Week in Security: Messing with AI, 7Zip and Notepad++ Vulnerabilities, HTTP2 Bomb, and More
🚨 EXECUTIVE ADVISORY: CISA flags CVE-2026-45247 in Mirasvit Cache Warmer as an active ransomware threat vector. Total business interruption risk. Mandatory remediation deadline is June 6, 2026. Protect your edge.
https://thecybermind.co/y1lw

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.
The Record: Andersen: CISA directive for AI executive order to be released this week https://therecord.media/cisa-directive-for-ai-exec-order-release
Earlier:
"Mullin hinted that the White House intends to announce a nominee to run the department’s cyber wing, which has been without a Senate-confirmed chief since Trump was sworn back into office."
“We've got a person, soon to be nominated, that will be running CISA, that has the ability to recruit and focus on the authorities we have. We want CISA to be the leader in cybersecurity. They should be and they will be.”
DHS chief signals efforts to reshape CISA https://therecord.media/dhs-chief-signals-efforts-to-reshape-cisa @therecord_media #CISA #infosec
CISA's Binding Operational Directive 18-01 required all federal civilian agencies to implement DMARC at p=reject by October 2018.
if you're a federal contractor, a supplier to government agencies, or in a regulated industry watching where compliance trends go — BOD 18-01 is the blueprint.
the pattern is consistent:
- mandate
- monitor
- enforce
- reject
every major mailbox provider has followed the same playbook.
CISA Warns of Exploited Magento Extension Flaw
A critical flaw in the Mirasvit Full Page Cache Warmer Magento extension, tracked as CVE-2026-45247, has been exploited by hackers, allowing them to execute remote code without authentication. This vulnerability, rated 9.8 on the CVSS scale, enables attackers to wreak havoc by supplying a malicious PHP object in the CacheWarmer…
#MagentoExtensionFlaw #Cve202645247 #DeserializationVulnerability #RemoteCodeExecution #Cisa
Mullin Targets 2,800 Staff for Optimal CISA Operations
Department of Homeland Security Secretary Markwayne Mullin aims to boost the Cybersecurity and Infrastructure Security Agency's effectiveness with a targeted workforce of 2,800 personnel, leveraging public partnerships and strategic grant usage to fortify national security.
#Cisa #Cybersecurity #Government #NationalSecurity #PublicPartnerships