Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Akira ransomware mitigation advisory for Nutanix AHV and related environments

Advisory/Mitigation
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

CISA, the FBI, and partner agencies issued updated mitigation guidance for Akira ransomware after attacks were observed against Nutanix AHV virtual machines, increasing risk for exposed virtualization environments. The advisory urges organizations to review the updated guidance and implement the recommended mitigations. It also reinforces offline backups, multifactor authentication, and rapid patching of known exploited vulnerabilities.

Related Happenings

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...

Open Happening

CISA-led zero-trust guide for OT environments

Public Sector Action
First: 30.04.2026 17:00 Last: 30.04.2026 17:00 Sources 1

About this happening: US government agencies led by **CISA** released **Adapting Zero Trust Principles to Operational Technology**, giving **OT operators** a framework to improve **critical infrastruct...

Open Happening

CISA and NCSC-UK China-nexus covert device networks advisory

Advisory/Mitigation
First: 23.04.2026 15:00 Last: 23.04.2026 15:00 Sources 1

About this happening: **CISA** and **NCSC-UK** released a new advisory warning organizations about **Chinese government-linked** covert networks built from **compromised devices**. The guidance says we...

Open Happening

FIRESTARTER malware on Cisco ASA and FTD devices

Malware Activity
First: 23.04.2026 15:00 Last: 23.04.2026 15:00 Sources 1

About this happening: CISA has published analysis of **FIRESTARTER**, a malware strain that enables **remote access and control** on **Cisco Firepower** and **Secure Firewall** devices, raising the ris...

Latest development: 24.04.2026 23:34

CISA, NCSC-UK, and Cisco detailed Firestarter persistence on Cisco Firepower and Secure Firewall devices running ASA or FTD software, attributing the backdoor to UAT-4356 and linking the activity to ArcaneDoor. The malware modifies CSP_MOUNT_LIST, stores a copy in /opt/cisco/platform/logs/var/log/svc_samcore.log, restores itself to /usr/bin/lina_cs, and relaunches after termination or reboot; Cisco recommends reimaging and upgrading to fixed releases, or using a cold restart only if reimaging is not possible.

Open Happening

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

Open Happening

Timeline

  1. 14.11.2025 00:32 2 articles · 6mo ago

    Akira advisory adds Nutanix AHV mitigation guidance

    Mitigation Patch Update

    CISA, the FBI, DC3, HHS, and international partners issued an updated Akira ransomware advisory that warns the group has expanded to Nutanix AHV VM disk files after a June 2025 incident, highlights use of CVE-2024-40766 on SonicWall devices and CVE-2023-27532 or CVE-2024-40711 on unpatched Veeam Backup & Replication servers, and recommends regular offline backups, enforced multifactor authentication, and rapid patching of known exploited vulnerabilities.

    Show sources
    Open in new tab