Central Intelligence
Central IntelligenceSIGNAL FROM NOISE
Last Update: 04/05/2026 at 2:50 PM EST

CISA Pushes Federal Patching Drive

Coverage from BleepingComputer and others

Articles

7

Latest Article

03/31

Active Days

37

Executive Summary

CISA ordered federal agencies to patch actively exploited flaws in iPhone, Roundcube, FTP, and Cisco products as attacks spread.

  • CISA added three DarkSword-linked iOS CVEs to the actively exploited catalog and set an April 3 deadline for federal fixes
  • DarkSword used six iPhone flaws to enable sandbox escape, privilege escalation, and remote code execution on unpatched devices
  • GTIG and iVerify linked DarkSword to data theft malware and watering-hole attacks on compromised Ukrainian websites
  • CISA flagged Roundcube CVE-2025-49113 and CVE-2025-68461 as actively exploited and ordered federal patching by March 13
  • Wing FTP Server CVE-2025-47813 was added to the exploited catalog after reports of active abuse and password theft risk
  • Cisco FMC CVE-2026-20131 was ordered patched by March 22 after Amazon tied it to Interlock ransomware zero-day use
  • CISA warned that the flaws were frequent attack vectors and urged private sector defenders to patch affected systems quickly

Quick Facts

  • What: Ordered urgent patching of actively exploited software flaws
  • Where: U.S. federal systems and exposed internet-facing services
  • Why: To block remote code execution, data theft, and ransomware
  • Who: CISA, federal agencies, vendors, and threat actors
  • When: March and April 2026 deadlines after active exploitation

Coverage Timeline: 37 Days

1Feb 23 '261Mar 161Mar 201Mar 231Mar 251Mar 301Mar 31 '26

Featured Article

BleepingComputer / Sergiu Gatlan 03-31-2026
CISA Orders Feds To Patch Actively Exploited Citrix Flaw By Thursday
CISA ordered U.S. Federal Civilian agencies to patch Citrix NetScaler appliances by April 2 after CVE-2026-3055 was added to the Known Exploited Vulnerabilities Catalog.

Additional Articles

⭐⭐⭐

BleepingComputer / Sergiu Gatlan 03-23-2026
CISA Orders Feds to Patch DarkSword iOS Flaws Exploited in Attacks
CISA ordered U.S. federal civilian agencies to patch three iOS vulnerabilities actively exploited through DarkSword, after researchers connected the chain to data-theft malware campaigns.
BleepingComputer / Sergiu Gatlan 03-25-2026
Citrix Urges Admins To Patch NetScaler Flaws As Soon As Possible
Citrix patched NetScaler ADC and NetScaler Gateway vulnerabilities CVE-2026-3055 and CVE-2026-4368 to reduce risks of session token theft and session mix-ups on internet-facing identity deployments.
BleepingComputer / Bill Toulas 03-30-2026
Critical Citrix NetScaler Memory Flaw Actively Exploited in Attacks
watchTowr and ShadowServer reported in-the-wild exploitation of CVE-2026-3055 in Citrix NetScaler identity gateway appliances that can expose authenticated administrative session IDs.

⭐️⭐️

BleepingComputer / Sergiu Gatlan 02-23-2026
Recently Patched Roundcube Flaws Now Exploited In Attacks
CISA orders federal agencies to patch Roundcube vulnerabilities by March 13 in the United States.
BleepingComputer / Sergiu Gatlan 03-16-2026
CISA Flags Wing FTP Server Flaw As Actively Exploited In Attacks
CISA warns Wing FTP Server users in the United States to patch active vulnerabilities in May 2025 to prevent remote code execution and data disclosure.
BleepingComputer / Bill Toulas 03-20-2026
Cisa Orders Feds To Patch Max-Severity Cisco Flaw By Sunday
CISA directed Federal Civilian Executive Branch agencies to patch Cisco Secure Firewall Management Center vulnerability CVE-2026-20131 by March 22 due to ransomware exploitation in the wild.