Today, CISA, the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released an update for joint Cybersecurity Advisory (CSA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server.
This iteration of the CSA—now renamed Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers—is based on the forensic analysis and identified exploitation of CVE-2017-9248 at an additional FCEB agency. Activity identified at this agency is separate from the CVE-2019-18935 exploitation listed in the original publication; analysis is provided as context for existing vulnerabilities within Telerik UI for ASP.NET AJAX. Further, this update provides a timetable and context of unattributed APT actor activity that highlights events, including identified malicious files.
CISA, FBI, and MS-ISAC encourage network defenders to review this update and refer to the accompanying Malware Analysis Report, MAR-10443863-1.v1 CVE-2017-9248 Exploitation in U.S. Government IIS Server for analysis of the newly identified malicious files.
CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025. These advisories provide…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide…
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency,…
This website uses cookies.