Kentucky Cyber Threat Dashboard
Monitor current cybersecurity threats affecting Kentucky's infrastructure. Updated daily with data from CISA, the National Vulnerability Database, and AI-powered threat analysis.
Cyber News
Cybersecurity officials are issuing heightened warnings about Russian-sponsored cyber attacks targeting U.S. and allied critical infrastructure. These advisories highlight a 'relentless' campaign against supply chains, democratic processes, and public trust, often leveraging artificial intelligence to enhance their operations. Kentucky entities, especially utilities and government services, should maintain a high state of vigilance for unusual network activity and ensure incident response plans are up to date. This represents a persistent and sophisticated threat to core state and local functions.
Known Exploited Vulnerabilities
CISA added several actively exploited vulnerabilities to its KEV catalog this week, indicating immediate risk to unpatched systems. Of particular concern for local governments are flaws in Drupal Core (CVE-2026-9082) and the LiteSpeed cPanel Plugin (CVE-2026-48172), which could allow attackers to compromise government websites and hosting infrastructure. Other exploited vulnerabilities in developer tools like Nx Console and TanStack highlight growing supply-chain risks. IT staff must prioritize patching these specific CVEs, as threat actors are actively using them in attacks.
New Vulnerabilities
A large volume of critical vulnerabilities was disclosed in the last 24 hours, notably affecting Oracle products and WordPress plugins. Multiple critical flaws in Oracle E-Business Suite, REST Data Services, and Database Server could allow attackers to take complete control of financial, HR, and database systems. Similarly, critical vulnerabilities in popular WordPress plugins like WP Maps Pro (CVE-2026-8732) and Advanced Custom Fields: Extended (CVE-2026-8809) allow unauthenticated attackers to create administrator accounts and seize control of websites. Immediately identify and patch any systems running this software.
133
High/Critical CVEs this week
14
Known Exploited Vulnerabilities this week
Relevant CVEs for Kentucky Infrastructure
Critical Unauthenticated Takeover Vulnerability in Oracle REST Data Services
This vulnerability affects Oracle systems used to provide data to web applications. It allows an attacker with network access, but no user account, to completely take over the service. This could lead to a major breach of any connected database, potentially exposing sensitive citizen, financial, or utility operational data. Action: Immediately identify all systems using Oracle REST Data Services (ORDS) and apply the latest security patches from Oracle.
Critical Remote Takeover Vulnerability in Oracle Payments
This vulnerability affects the Oracle E-Business Suite component used for processing payments. An unauthenticated attacker on the network could exploit this to take over the payment system, potentially leading to financial fraud, theft of funds, or disruption of billing and payment operations for citizens or utility customers. Action: Immediately identify systems running Oracle E-Business Suite and apply the latest security patches from Oracle, specifically for the Oracle Payments component.
Critical Administrator Creation Vulnerability in WordPress WP Maps Pro Plugin
This vulnerability affects websites using the 'WP Maps Pro' WordPress plugin, which may be used on county or utility sites to display service areas or locations. It allows any unauthenticated visitor to create a new administrator account and gain complete control of the website. This could be used to spread misinformation, steal data, or launch further attacks. Action: Immediately check all public-facing websites for this plugin. If found, update it to the latest version or disable and remove it.
Critical Administrator Creation Vulnerability in WordPress 'Advanced Custom Fields: Extended' Plugin
This vulnerability affects websites using the popular 'Advanced Custom Fields: Extended' WordPress plugin. If a public-facing form is configured in a specific way, an unauthenticated attacker can exploit this flaw to create a new administrator account, leading to a complete website takeover. This could be used to deface the site, distribute malware, or steal user data. Action: Immediately check all public-facing websites for this plugin. If found, update it to the latest version or disable and remove it.
Critical Authentication Bypass in WordPress 'OTP Login' Plugin
This vulnerability affects websites using the 'OTP Login With Phone Number' plugin for two-factor authentication. It allows an attacker to bypass the security check and log in as any user, including an administrator, without a valid password or OTP code. This completely undermines the site's security and can lead to a full takeover. Action: Immediately check all websites for this plugin. If it is in use, update it to a patched version immediately.
Critical Remote Takeover Vulnerability in Oracle iAssets
This vulnerability affects the Oracle E-Business Suite component for managing physical and IT assets. A low-privileged attacker on the network could exploit this to take over the system and potentially impact other connected systems. This could disrupt tracking of critical assets like vehicles, infrastructure components, or computer hardware. Action: Immediately identify systems running Oracle E-Business Suite and apply the latest security patches from Oracle, specifically for the Oracle iAssets component.
Critical Remote Takeover Vulnerability in Oracle Universal Work Queue
This vulnerability affects the Oracle E-Business Suite component for managing work tasks and business process flows. A compromise could allow an attacker to disrupt internal operations, approve fraudulent requests, or gain access to sensitive information flowing through the system. Action: Immediately identify systems running Oracle E-Business Suite and apply the latest security patches from Oracle for the Universal Work Queue component.
Critical Remote Takeover Vulnerability in Oracle Database Server
This vulnerability affects the core networking service of Oracle Database servers, which are widely used in government and utilities to store critical data. A successful attack could allow an unauthenticated remote attacker to take over the database service, leading to a catastrophic data breach or service outage. Action: Prioritize applying the latest security patches from Oracle to all Oracle Database servers.
Critical Remote Takeover Vulnerability in Oracle REST Data Services
This vulnerability affects Oracle systems used to provide data to web applications. It allows a low-privileged attacker to completely take over the service and potentially gain access to the underlying database. This could lead to a major breach of sensitive citizen, financial, or utility operational data. Action: Immediately identify all systems using Oracle REST Data Services (ORDS) and apply the latest security patches from Oracle.
Critical Data Tampering Vulnerability in Oracle Internet Procurement Connector
This vulnerability affects the Oracle E-Business Suite component for managing procurement. An unauthenticated attacker on the network could exploit this to access, create, or modify critical procurement data. This could lead to financial fraud, supply chain disruptions, or theft of sensitive bidding information. Action: Immediately identify systems running Oracle E-Business Suite and apply the latest security patches from Oracle for the Procurement Connector component.