4188 matches found
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, an...
Security Update Available for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities, if exploited, could allow an attacker to run malicious code on an affected system. US-CERT recommends that users an...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 21.0 Firefox ESR 17.0.6 Thunderbird 17.0.6 Thunderbird ESR 17.0.6 These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtai...
Google Releases Google Chrome 25.0.1364.152
Google has released Google Chrome 25.0.1364.152 for Windows, Linux, and Mac to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security features, or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Adobe Releases Security Bulletin About Code Signing Certificate
Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...
Microsoft Releases a Security Advisory for Microsoft Digital Certificates
Microsoft has released security advisory 2728973 to replace a number of certificates that did not meet Microsoft's high standard of Public-Key Infrastructure PKI management. This update places the intermediate certificate authority CA certificates in the Untrusted Certificate Store and replaces...
Microsoft Releases April Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012. These vulnerabilities may...
Oracle Releases Critical Patch Update for February 2012
Oracle released its February Critical Patch Update CPU containing 14 security fixes for the following products: JDK and JRE 7 Update 2 and earlier JDK and JRE 5 Update 30 and earlier JDK and JRE 5.0 Update 33 and earlier SDK and JRE 1.4.235 and earlier JavaFX 2.0.2 and earlier US-CERT encourages...
Phishing Campaign Using Spoofed US-CERT Email Addresses
On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...
Google Releases Chrome 16.0.912.75
Google has released Chrome 16.0.912.75 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Adobe Releases Security Advisory for Adobe Reader and Acrobat
Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions: Adobe Reader X 10.1.1 and earlier versions for Windows and Macintosh Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and Unix Adobe Acrobat...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adob...
Potential Hurricane Irene Phishing Scams
In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as Hurricane Irene. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem...
Mozilla Releases Firefox 6 and 3.6.20
The Mozilla Foundation has released Firefox 6 and Firefox 3.6.20 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review th...
Mississippi Flooding Disaster Email Scams, Fake Antivirus, and Phishing Attack Warning
Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash...
WordPress Releases Version 3.1.1
WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition. US-CERT encourages users and...
Cisco Releases Security Advisories
Cisco has released a security advisory to address a vulnerability in some versions of Cisco Secure Access Control System ACS. This vulnerability may allow an attacker to change the password of a user account without any previous access to the user's account or knowledge of the account's previous...
Adobe Releases Updates for Adobe Reader and Acrobat
Adobe has released updates for Reader and Acrobat to address multiple vulnerabilities affecting the following software versions: Adobe Reader X 10.0 and earlier versions for Windows and Macintosh Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh, and Unix Adobe Acrobat x 10.0 and...
Adobe Releases Security Update for Flash Media Server
Adobe has released Flash Media Server 4.0.1, 3.5.5, and 3.0.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-27 and apply appropriate updates to help...
Cisco Releases Updates for Wireless LAN Controller
Cisco has released updates to address multiple vulnerabilities in the Cisco Wireless LAN Controller WLC. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition, modify the device configuration, or bypass access control lists. US-CERT encourages...
Google Releases Chrome 5.0.375.127
Google has released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks. US-CERT encourages users and administrators to review th...
Microsoft Releases Advance Notification for August Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will hav...
Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability
Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42897link is external Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
Supply Chain Compromise Impacts Axios Node Package Manager
The Cybersecurity and Infrastructure Security Agency CISA is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager npm.1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-49113link is external RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461link is external RoundCube Webmail Cross-site Scripti...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-14634link is external Linux Kernel Integer Overflow Vulnerability CVE-2025-52691link is external SmarterTools SmarterMail Unrestricted Upload of File with...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20805link is external Microsoft Windows Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actor...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-352-01 Inductive Automation Ignition ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-24893link is external XWiki Platform Eval Injection Vulnerability CVE-2025-41244link is external Broadcom VMware Aria Operations and VMware Tools Privilege...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on July 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-205-01 Mitsubishi Electric CNC Series ICSA-25-205-02 Network Thermostat X-Series WiFi...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-54309link is external CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558link is external Google Chromium ANGLE and GPU Improper Input...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023link is external JQuery Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pos...
Ivanti Releases Security Updates for Multiple Products
Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Avalanchelink is...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8957link is external PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability CVE-2024-8956link is external PTZOptics PT30X-SDI/NDI Cameras...
Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments
CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology IT. The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote deskto...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088link is external Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680link is external Mozilla Firefox Use-After-Free Vulnerability...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824link is external Ivanti Endpoint Manager EPM SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229
Versa Networks has released an advisory for a vulnerability CVE-2024-45229link is external affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, repo...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability CVE-2023-45249 Acronis...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability These types of...
Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400
Palo Alto Networks has released workaround guidance for a command injection vulnerability CVE-2024-3400 affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. CISA encourages users and administrators to review the Pal...
Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways
Ivanti has released security updates to address vulnerabilities in all supported versions 9.x and 22.x of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encourage...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved
Juniper Networks has released a security advisory to address a vulnerability CVE-2024-21611 in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Juniper Advisory...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-47246 SysAid Server Path Traversal Vulnerability CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability These types of...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4211 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41179 Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risk...