The Cybersecurity and Infrastructure Security Agency has canned 10 emergency directives, issued between 2019 and 2024, after concluding they are no longer needed due to improved vulnerability tracking and remediation efforts, according to The Record, a news site by cybersecurity firm Recorded Future.
SecurityWeek reports that updates have been issued by Cisco to fix the medium-severity Identity Services Engine and ISE Passive Identity Connector flaw, tracked as CVE-2026-20029, following the release of a proof-of-concept exploit.
Trio of VMware ESXi zero-days chained long before disclosure BleepingComputer reports that attacks spreading a VMware ESXi exploit toolkit which involved a trio of zero-days that were chained more than a year before their disclosure last March have been conducted by Chinese-speaking threat actors last month.
Security Affairs reports that Google has issued a universal Android update addressing the critical Dolby audio decoder vulnerability, tracked as CVE-2025-59457, after initially fixing the issue in Pixel phones last month.
Cyble's analysis indicates that 245 vulnerabilities were added to the CISA KEV catalog in 2025, representing a roughly 20% growth rate and a substantial increase compared to the 185 and 187 vulnerabilities added in 2024 and 2023, respectively.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
