Live intelligence feed
2698 collected events across every source — vulnerabilities, rulemaking and (soon) advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
All sources
CISA KEV · 1644
NVD CVE · 609
News · 229
eCFR · 98
CISA advisory · 21
DoD CIO CMMC · 21
DC3 DCISE · 19
DOJ FCA · 16
Fed. Register · 11
DCSA · 10
Cyber AB docs · 10
NIST · 9
OIRA · 1
⊙ Subscribe (RSS)
this exact view — open in your feed reader
-
The security operations center (SOC) has become the critical hub of Federal agencies’ cyber readiness. SOC analysts keep agencies safely up and running – determining the size and impact of incidents, utilizing threat intelligence, implementing response...
-
Is it a noun or a verb? What the heck is a MeriTalk and why were you so dumb to call your publication that? Why not put Fed or Gov in the name – like every title? Good questions. So, here goes. We gave our publication a different name, because we wanted to...
-
252.204-7021 Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement.
-
252.204-7020 NIST SP 800-171 DoD Assessment Requirements.
-
252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements.
-
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
-
As remote work shifts to hybrid work for the long term, Federal agencies need continued (and even stronger) cloud security.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
Like many of you, I have read the news every day for the last four years. Every day was like a visit to the proctologist – anger, fear, frustration. And, yes, the A word – anxiety.
-
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
-
After a decade-long initiative to expand telework, the COVID-19 pandemic has shifted the federal government’s workforce to cloud-based telework, practically overnight. While improving workforce flexibility seems like the obvious benefit, federal agencies...
-
Following the release of the FITARA Scorecard 10.0 in August, discussion about sunsetting the MEGABYTE category of the scorecard has picked up. But, is that really a good idea?
-
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.
-
As the seriousness of the coronavirus pandemic became apparent early this year, the first matter of business for the Federal government was simply getting employees online and ensuring they could carry on with their critical work and missions. This is a...
-
The COVID-19 pandemic has influenced the way agencies function, and forced many to redefine what it means to be connected and modernize for mission success.
-
I’m a foreigner who’s proud of my heritage – and I’m an American patriot ready to stand up for this great country’s principles.
-
When agencies began full-scale telework earlier this year, many were not anticipating it would evolve into a long-term workplace strategy. However, in the wake of COVID-19, recent calculations estimate $11 billion in Federal cost-savings per year due to...
-
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
-
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An...
-
252.204-7020 xxx
-
252.204-7021 xxx
-
252.204-7019 xxx
-
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
-
252.204-7002 Payment for Contract Line or Subline Items Not Separately Priced.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
252.204-7006 Billing instructions.
-
252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services - Representation.
-
252.204-7016 Covered Defense Telecommunications Equipment or Services - Representation.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
252.204-7012 Safeguarding covered defense information and cyber incident reporting.
-
252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.
-
252.204-7013 [Reserved]
-
252.204-7014 Limitations on the Use or Disclosure of Information by Litigation Support Contractors.
-
252.204-7015 Notice of Authorized Disclosure of Information for Litigation Support.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
252.204-7005 [Reserved]
-
252.204-7004 Antiterrorism Awareness Training for Contractors.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
252.204-7011 [Reserved]