The article discusses an emergency directive issued by CISA in response to critical zero-day vulnerabilities discovered in Cisco products. It emphasizes the urgency for organizations to apply patches and mitigate risks associated with these vulnerabilities to enhance cybersecurity defenses.

Illumina has agreed to a $9.8 million settlement due to failing to incorporate adequate cybersecurity measures in its products, leading to vulnerabilities that could be exploited by remote attackers. This settlement arises from a lawsuit initiated by a former employee under the False Claims Act, with a portion of the funds allocated to the whistleblower.

Over 800 N-able N-central servers remain unpatched against two critical vulnerabilities, CVE-2025-8875 and CVE-2025-8876, which are currently being exploited. N-able has urged administrators to upgrade to the patched version 2025.3.1, while CISA has mandated federal agencies to mitigate these vulnerabilities within a week. Shadowserver Foundation reports that most of the vulnerable servers are located in the U.S., Canada, and the Netherlands.

CISA reported that hackers breached a U.S. federal agency by exploiting a critical unpatched vulnerability in GeoServer, leading to lateral movement within the agency's network and the installation of web shells. The attackers remained undetected for three weeks until their activities triggered alerts, prompting an investigation and response measures. CISA emphasizes the importance of timely patching and monitoring for security vulnerabilities.

Two new vulnerabilities in Linux have been disclosed that can be exploited together to gain full root access. Additionally, CISA has warned of active exploitation of an older vulnerability affecting the Linux kernel, emphasizing the need for organizations to apply patches immediately.

Over 266,000 F5 BIG-IP instances are exposed online, following a breach that allowed nation-state hackers to steal source code and information about security flaws. F5 has released patches for 44 vulnerabilities and urged users to update their systems, while CISA has mandated federal agencies to secure their F5 products by specific deadlines and disconnect unsupported devices.