Kentucky Cyber Threat Dashboard
Monitor current cybersecurity threats affecting Kentucky's infrastructure. Updated daily with data from CISA, the National Vulnerability Database, and AI-powered threat analysis.
Cyber News
This week saw a significant increase in cyber activity from Iran-linked threat actors targeting U.S. entities. A major U.S. medical device manufacturer suffered a global network disruption, highlighting the direct risk to critical infrastructure sectors, including healthcare and utilities. This heightened nation-state activity coincides with a new U.S. Cyber Strategy, signaling a more proactive national defense posture. Kentucky entities should remain vigilant for sophisticated attacks, as demonstrated by a recent vendor-related data breach at a Western Kentucky healthcare provider.
Known Exploited Vulnerabilities
CISA added several actively exploited vulnerabilities to its catalog this week, impacting common enterprise software. Critical flaws in Google's Chromium engine affect widely used web browsers like Chrome and Edge, requiring immediate updates to prevent arbitrary code execution. Additionally, vulnerabilities in IT management tools from Ivanti, SolarWinds, and Omnissa (formerly VMware) are being exploited. County and utility IT staff must prioritize patching these systems, as they are used for endpoint management and help desk support, making them high-value targets.
New Vulnerabilities
There have been no new high or critical severity vulnerabilities published in the national database over the past 24 hours. This provides a brief window for IT teams to focus on other priorities. Staff should use this time to continue applying patches for previously identified vulnerabilities, especially those added to the CISA KEV catalog this week, and to verify backup integrity.
205
High/Critical CVEs this week
11
Known Exploited Vulnerabilities this week