Search results for CISA
Games & Commerce
18-year-old Excel bug still used in attacks, warning for legacy Office users
A Microsoft Excel security flaw first reported 18 years ago is still being exploited in real-world attacks, highlighting risks for organisations running unsupported software. The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2009-0238 to its catalogue of known exploited vulnerabilities and told U.S. federal civilian agencies to complete mitigation by April 28. The bug affects older Excel and Office components, while newer Excel versions are not affected.
AI & Enterprise
Predictive security models hit limits as shadow AI SaaS risks rise
Security companies are issuing reports on cyber threat trends, and two that drew attention this week came from Rapid7 and Grip Security. Rapid7 said defenders are finding it harder to keep up as attackers weaponise disclosed vulnerabilities within days, leaving little time to patch. Grip Security warned that AI embedded in SaaS applications can create risks outside enterprise control, and that a breach of one AI-enabled app can spread across other AI environments and potentially to other organisations.
AI & Enterprise
US CISA urges stronger device management security after Stryker hacking incident
The U.S. Cybersecurity and Infrastructure Security Agency urged companies to strengthen security for device management systems after pro-Iran hackers infiltrated medical device maker Stryker’s systems and remotely wiped data from tens of thousands of employee devices. CISA said the attackers accessed Stryker’s Windows-based network and then targeted its endpoint device management system, causing continued disruption to global operations. It recommended requiring approval from two administrators for sensitive actions such as device resets.