CISA Adds Actively Exploited KNX Protocol Flaw to KEV Catalog
A critical account lockout vulnerability in KNX Association products is now under active exploitation, requiring immediate remediation by federal agencies.
CISA has added CVE-2023-4346, an overly restrictive account lockout vulnerability within the KNX Association KNX Protocol Connection Authorization Option 1, to its Known Exploited Vulnerabilities catalog. This flaw allows an attacker to purge all devices lacking additional security configurations and set a Bus Coupling Unit (BCU) key to lock the affected hardware.
The vulnerability, classified under CWE-645, is confirmed to be under active, real-world exploitation. Federal agencies are required to apply vendor-provided mitigations by July 29, 2026, in accordance with BOD 26-04. Stakeholders must evaluate the internet exposure of their assets and ensure compliance with CISA's forensic triage and patching requirements.
Continue Reading
23andMe Settles Data Privacy Claims
A multi-state settlement highlights the massive fallout from a 2023 breach that exposed sensitive genetic data for millions of customers.
LegacyHive: A New Windows Zero-Day
A persistent security researcher has unveiled a local privilege escalation bug for Windows 11, raising questions about severity.
Critical SSRF Vulnerability Discovered in stoatchat Versions Below 0.13.5
A critical server-side request forgery vulnerability in stoatchat allows unauthenticated attackers to access internal network infrastructure.