gcve-eu-kev updated — a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.

It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.

@gcve

#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement

🔗 https://github.com/gcve-eu/gcve-eu-kev
🔗 https://gcve.eu/bcp/gcve-bcp-07/

CISA flips the switch: Ivanti EPM (CVE-2026-1603) is under active exploit. A low-complexity XSS allows total authentication bypass with zero user interaction. If your EPM is internet-facing, the "Master Key" is compromised. Get the Strategic Arsenal now. #CyberSecurity #Ivanti #KEV

https://thecybermind.co/2026/03/11/deconstructing-ivanti-epm-authentication-bypass/?utm_source=mastodon&utm_medium=jetpack_social

CISA added 3 exploited vulnerabilities to the KEV catalog:
• Omnissa Workspace ONE – SSRF
• SolarWinds Web Help Desk – Deserialization flaw
• Ivanti Endpoint Manager – Auth bypass
KEV flaws remain top attack vectors.

Source: https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

Follow TechNadu for infosec updates.

#Infosec #KEV #CyberSecurity

CISA ostrzega przed lukami w Roundcube – czas na pilne aktualizacje

Masz Roundcube na serwerze? CISA właśnie przypomniała, że webmail to wciąż frontowe drzwi do twojej sieci – i ktoś nauczył się otwierać je szybciej niż ty zamykasz.

Czytaj dalej:
https://pressmind.org/cisa-ostrzega-przed-lukami-w-roundcube-czas-na-pilne-aktualizacje/

#PressMindLabs #cisa #cpanel #kev #rce #roundcube

CISA Operating Under Shutdown Constraints - Strategic Implications

Effective February 14, 2026, CISA is functioning at 38% staffing under Antideficiency Act exceptions.

Operational posture:
• KEV catalog maintained and updated for actively exploited vulns
• Emergency recall authority for national security threats
• Slower validation and vulnerability triage cycles expected
• CIRCIA rule finalization halted
• KEV enforcement activities likely suspended
Reduced analyst bandwidth directly impacts vulnerability validation, patch availability coordination, and federal liaison processes.

While KEV updates continue, compliance oversight appears weakened. That introduces potential lag between vulnerability disclosure and sector-wide remediation.

From a defensive architecture standpoint, this highlights the fragility of centralized cyber coordination under political funding constraints.
How should national-level cyber coordination be insulated from budget volatility?

Source: https://www.securityweek.com/cisa-navigates-dhs-shutdown-with-reduced-staff/

Follow @technadu for threat intelligence and policy-level cybersecurity reporting.

#Infosec #CISA #KEV #CIRCIA #CyberDefense #ZeroTrust #CriticalInfrastructure #ThreatIntelligence #NationalSecurity

Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.

We made a first table of confidence level for the evidence in the KEV record format.

#kev #gcve #format #vulnerability #openstandard

🔗 Discussions / Proposal https://discourse.ossbase.org/t/kev-known-exploited-vulnerabilities-potential-format-bcp-07/744/36?u=adulau

🔗 GCVE BCP-07 https://gcve.eu/bcp/gcve-bcp-07/

@gcve