CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
Summary: U.S. federal agencies must patch three critical vulnerabilities on very short deadlines because they are being exploited by cybercriminals and nation-state actors. The SolarWinds Web Help Desk tool has been subject to an emergency fix order for the third time, and CISA has shortened the patch deadline to a few days. The other two vulnerabilities must be fixed within two weeks.

2026-3-10 14:0:54 Author: therecord.media

Federal agencies will have significantly less time than usual to patch three different vulnerabilities following reports that they are being exploited by cybercriminals and nation-state actors. 

The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical vulnerability impacting the popular SolarWinds Web Help Desk, an IT service management platform used by many government agencies to handle ticketing, asset tracking and other tasks. The tool is used to centralize IT support operations.

The bug was discovered by Trend Micro’s Zero Day Initiative in September and researchers have warned since then that it is being exploited. 

Several cybersecurity experts said the issue can be traced back to a vulnerability discovered in 2024. CVE-2025-26399 is the third fix for that bug. 

“In its third iteration of patching, only time will tell whether or not this flaw is in attackers' crosshairs and will see exploitation,” Scott Caveza, senior staff research engineer at Tenable, said in September. 

This is the third time in the last month that CISA has ordered all federal civilian agencies to immediately patch a vulnerability affecting the SolarWinds Web Help Desk tool. 

In early February, CISA gave federal agencies only four days to patch another vulnerability affecting it. Two weeks later, federal agencies were given a three-day deadline to patch another bug in the software. 

SolarWinds software is used by dozens of federal agencies and was previously targeted by Russian hackers as part of one of the largest nation-state attacks in U.S. history.

In addition to CVE-2025-26399, CISA added two other vulnerabilities to its catalog of exploited bugs on Monday — both of which have to be patched by federal agencies within two weeks. Nearly all of the vulnerabilities added to the Known Exploited Vulnerabilities catalog are given a three-week patch deadline and the date has only been shortened in rare circumstances.

One of the bugs — CVE-2026-1603 affecting a product from IT company Ivanti — has allegedly been exploited since the middle of February, according to cybersecurity defenders. A Google report on zero-day vulnerabilities found Chinese nation-state attackers repeatedly targeted Ivanti throughout 2025 with novel bugs used to breach Ivanti tools.



Article source: https://therecord.media/cisa-shortens-patch-deadline-ivanti-solarwinds