Security Bulletin: Multiple vulnerabilities within WebSphere Application Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

EUVD-2025-209021

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings...

New Social Security Scam Emails Use Fake Tax Documents to Hijack PCs

A new phishing campaign is targeting thousands in the US by posing as the Social Security Administration. Learn how scammers use fake 2025/2026 tax statements and Datto RMM software to hijack computers and steal data, as shared with Hackread.com...

National Nuclear Security Administration Systems Breached in SharePoint Cyberattack

National Nuclear Security Administration and National Institutes of Health targeted in global Microsoft SharePoint vulnerability exploitation. Chinese hacking groups suspected in widespread data breaches...

Fake SSA Emails Trick Users into Installing ScreenConnect RAT

Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT Remote Access Trojan and compromise…...

Fake Social Security Statement emails trick users into installing remote tool

Fake emails pretending to come from the US Social Security Administration SSA try to get targets to install ScreenConnect, a remote access tool. This campaign was flagged and investigated by the Malwarebytes Customer Support and Research teams. ScreenConnect, formerly known as ConnectWise Control...

CISA: Transportation Security Administration Surface Operations Overview

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

New TSA Cybersecurity Emergency Action Rule Impacts Cybersecurity and Compliance

On March 7, 2023, in the wake of President Joe Biden’s National Cybersecurity Strategy announcement, the U.S. Transportation Security Administration TSA issued a cybersecurity emergency action amendment for certain regulated airport and aircraft operators. The new Action Rule can have significant...

Nuclear Weapons Agency Hacked in Widening Cyberattack

The Energy Department and its National Nuclear Security Administration NNSA, which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack. An exclusive report by Politico...

E-Verify’s “SSN Lock” is Nothing of the Sort

One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A k...

Social Security Administration Designates March 5 as National ‘Slam the Scam’ Day

In association with the Federal Trade Commission’s National Consumer Protection Week, the Social Security Administration SSA has designated March 5 as National “Slam the Scam” Day to educate Americans about telephone scammers impersonating government employees. These scammers aim to gain potentia...

SYS.1.2.2.A3

Ziel des Bausteins SYS.1.2.2 ist die Absicherung von Microsoft Windows Server 2012 und Microsoft Windows Server 2012 R2. Die Basis-Anforderung Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

Authentication Bypass in PAN-OS Management Web Interface

An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. Ref PAN-113675, CVE-2019-1572 Successful exploitation of this issue may allow an unauthenticated remote user to access php files. This issue affects Only PAN-OS 9.0.0 Work around: This issue affects the web-base...

Registered at SSA.GOV? Good for You, But Keep Your Guard Up

KrebsOnSecurity has long warned readers to plant your own flag at the my Social Security online portal of the U.S. Social Security Administration SSA -- even if you are not yet drawing benefits from the agency -- because identity thieves have been registering accounts in peoples' names and...

SSA.GOV To Require Stronger Authentication

The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In thi...

Cross-site scripting vulnerability

A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 64563. This vulnerability has been assigned CVE-2014-3764. This issue affects the management interface of the device, whe...

Verbose Error Messages

Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client. This does not directly result in any specific vulnerability, however this information is helpful to an attacker. Ref 33139 This issue resul...

Command Injection Vulnerability

A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface. Ref 35249 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.8 and...

Management Server DOS Vulnerability

An issue exists whereby the management server of the device can be crashed when an authenticated users sends a specially crafted command via the command line interface. Ref 35254 This issue results in the unavailability of the management server of the device. The attacker must be an authenticated...

Command Injection Vulnerability

A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 33476 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.1.0 an...