New Cybersecurity Threats: CISA Adds More Vulnerabilities to ‘Oops, We Did It Again’ Catalog
CISA has added flaws in SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS to its Known Exploited Vulnerabilities catalog. These vulnerabilities include the opportunity for remote code execution and privilege escalation, making them the ultimate uninvited guests at your cyber party.

Hot Take:
Looks like CISA is collecting vulnerabilities like they’re Pokémon! Gotta catch ’em all, right? From Windows to SKYSEA, they’re adding everything but the kitchen sink. It’s like a party where everyone’s invited, except these guests are here to crash your system!

Key Points:
– CISA has added flaws in SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS to its Known Exploited Vulnerabilities (KEV) catalog.
– The vulnerabilities include issues like improper authentication, incorrect default permissions, and untrusted pointer dereference.
– Microsoft has decided to remove a vulnerable driver instead of patching it, which seems like taking the “if it ain’t there, it can’t be hacked” approach.
– The IGEL OS flaw allows for “evil-maid” style attacks, suggesting that even your Grandma might not be safe from hackers.
– Federal agencies must address these vulnerabilities by November 4, 2025, according to CISA’s Binding Operational Directive (BOD) 22-01.
