Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA order to secure BIG-IP APM

Public Sector Action
First reported
Last updated
Happening score
H score 89
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2025-53521 to its actively exploited list and ordered federal agencies to secure BIG-IP APM systems by midnight on Monday, March 30, 2026, escalating urgency around exposed federal access-management deployments. The directive tells agencies to apply vendor mitigations or discontinue use if protections are unavailable. That makes the flaw an immediate public-sector remediation issue for agencies running the affected product.

Related Happenings

F5 NGINX out-of-band security updates (multiple vulnerabilities)

Security Patch Release
H score34 First: 18.06.2026 14:33 Last: 18.06.2026 14:33 Sources 1

About this happening: **F5** released **out-of-band security updates** for **NGINX** after finding multiple web server vulnerabilities, including **two critical flaws** that could enable **remote code...

CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies

Public Sector Action
H score27 First: 10.06.2026 15:00 Last: 10.06.2026 15:00 Sources 1

About this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...

CISA KEV remediation for Android and Linux vulnerabilities

Advisory/Mitigation
H score57 First: 03.06.2026 18:36 Last: 03.06.2026 18:36 Sources 1

About this happening: CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
H score40 First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
H score33 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Timeline

  1. 30.03.2026 13:59 2 articles · 3mo ago

    CISA orders federal BIG-IP APM remediation for CVE-2025-53521

    Legal Policy Action Update

    CISA added CVE-2025-53521 to its actively exploited list and directed federal agencies using BIG-IP APM to secure affected systems by midnight on Monday, March 30, 2026, or discontinue use if mitigations are unavailable. The same update came after F5 reclassified the BIG-IP APM flaw from a DoS issue to a critical RCE and warned that attackers were exploiting it to deploy webshells on unpatched devices.

    Show sources