CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.

Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.

Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.

💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?

Source: https://cybersecuritynews.com/android-0-day-vulnerability-exploited/

Follow us for ongoing vulnerability and threat intelligence updates.

#Cybersecurity #AndroidSecurity #KEV #CISA #ZeroDay #MobileThreats #ThreatIntel #Infosec #SecurityUpdates #DeviceSecurity

Hey everyone! It's been a bit quiet on the news front over the last 24 hours, but we've got one significant update concerning an actively exploited SCADA vulnerability and a look at some sustained exploitation efforts. Let's dive in:

Actively Exploited SCADA XSS Added to CISA KEV ⚠️

- CISA has added CVE-2021-26829, a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR (affecting Windows through v1.12.4 and Linux through v0.9.1), to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
- This flaw was recently leveraged by the pro-Russian hacktivist group TwoNet, who targeted a Forescout honeypot (mistaking it for a water treatment facility). After gaining initial access via default credentials, they exploited the XSS to deface the HMI login page and disable logs/alarms.
- Separately, VulnCheck has identified a long-running exploit operation, active for about a year, originating from Google Cloud OAST infrastructure and primarily targeting Brazil. This operation scans for over 200 CVEs, including a custom variant of a Fastjson RCE flaw, demonstrating sustained, regionally-focused attack efforts.

📰 The Hacker News | https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html

#CyberSecurity #ThreatIntelligence #Vulnerability #CVE #XSS #SCADA #ICS #CISA #KEV #Hacktivism #TwoNet #Exploitation #InfoSec #IncidentResponse

CISA has added CVE-2021-26829
(OpenPLC/ScadaBR XSS) to the Known Exploited Vulnerabilities Catalog.

XSS vulnerabilities in ICS/SCADA environments remain a dependable avenue for attackers, and CISA is urging organizations - not just federal - to prioritize remediation.

How does your team track and respond to KEV updates?

Source: https://www.cisa.gov/news-events/alerts/2025/11/28/cisa-adds-one-known-exploited-vulnerability-catalog

🔔 Follow TechNadu for balanced, non-sensational cybersecurity coverage.

#infosec #CISA #KEV #ICS #SCADA #OpenPLC #OTSecurity #XSS #vulnerabilitymanagement #riskmanagement #cybersecuritynews #threatintel

Friday #KEV adds make me shed a tear.

At least @runZeroInc pushed out a Rapid Response yesterday for
CVE-2025-61757. If you're on your way out the door, glance at your dashboard now to know what's up with your exposure.

On This Day 21st September 2003.

Sandbox on stage at The Roadhouse, Manchester for their first ever gig, 21st November 2003
From left to right Kev - bass, Lennie Butler - vocals, acoustic guitar, Paul Allen - guitar, vocals.
**Spoiler warning**
Don't get used to Kev - he turned up for the next rehearsal, but then was never seen again.
He never actually quit, but they managed to find someone to play their next gig at 2 days notice.

#Manchester #TheRoadhouse #Sandbox #Kev #bass #LennieButler #PaulAllen #guitar #ManchesterBands #ManchesterMusic #LiveMusic #photography