WASHINGTON: The US government issued a joint advisory Thursday warning of the ongoing “active exploitation” of a “critical” vulnerability in a popular password management solution, which “poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software.”
A Cybersecurity and Infrastructure Security Agency (CISA) official told Breaking Defense after this report’s original publication, “As exploitation of this product can lead to full identity compromise, CISA is taking this vulnerability very seriously and requests information from any organizations that may have been impacted.”