OpenSSL 'Heartbleed' Vulnerability
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL...
GnuTLS Releases Security Update
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks. Many Linux...
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory that addresses Adobe® Flash® remote code execution vulnerabilities that affect BlackBerry® Z10, BlackBerry® Q10 smartphone and BlackBerry® PlayBook™ tablet customers. These vulnerabilities could potentially allow an attacker to execute code with the...
UK CPNI Releases Spear Phishing Paper
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing - Understanding the Threat." This document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations c...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari 6.1.1 and Safari 7.0.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to obtain sensitive information, execute arbitrary code or cause a denial-of-service condition. Safari 6.1.1 and Safari 7.0.1 updates are...
Microsoft Releases Advance Notification for December Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December 2013 release will contain 11 bulletins. These bulletins will have severity ratings of critical and important and will be for Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft...
Apple Releases Security Update for Java on OS X
Apple has released a security update for Java on Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, and OS X Mountain Lion 10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code wi...
Microsoft Releases October 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight as part of the Microsoft Security Bulletin Summary for October 2013. These vulnerabilities could allow remote code execution or information...
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes eight Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue...
Apple Releases Security Update for OS X Server
Apple has released a security update for OS X Server v2.2.2 for OS X Mountain Lion v10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial of service, execute arbitrary code or cause a cross-site scripting attack. US-CERT encourages...
Microsoft Releases Security Advisory
Microsoft has released Security Advisory 2862973 impacting applications and services using certificates with the MD5 hashing algorithm. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. US-CERT...
OpenX Releases Security Update
OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...
Microsoft Releases April 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Apple Releases Security Update for Java on OS X
Apple has released a security update for Java on OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later, Mac OS X v10.6.8, and Mac OS X Server v10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code...
Microsoft Releases December 2012 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, and Microsoft Server Software as part of the Microsoft Security Bulletin summary for December 2012. These vulnerabilities could allow an attacker to bypass security features or...
Adobe Releases Security Bulletin for Flash Player
Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and...
Malware Campaigns Impersonating U.S. Government Agencies
US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has...
Adobe Releases Security Bulletins for Multiple Products
Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected: Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh; Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh; Adobe Flash...
Oracle Releases Critical Patch Update for April 2012
Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server; 11 for Oracle Fusion Middleware; 6 for Oracle Enterprise Manager Grid Control; 4 for Oracle E-Busines...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 11, Firefox 3.6.28, Firefox ESR 10.0.3, Thunderbird 11, Thunderbird 3.1.20, Thunderbird ESR 10.0.3, and SeaMonkey 2.8. These vulnerabilities may allow an attacker to execute arbitrary code,...
Google Releases Chrome 17.0.963.79
Google has released Chrome 17.0.963.79 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
U.S. Tax Season Phishing Scams and Malware Campaigns
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potenti...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module, Cisco Firewall Services Module, and Cisco Network Admission Control Manager. These vulnerabilities may allow an...
SSL/TLS Protocol Vulnerability
US-CERT is aware of a vulnerability affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information. Microsoft has released Security Advisory 2588513 to...
Fraudulent DigiNotar SSL Certificate
US-CERT is aware of public reports of the existence of fraudulent SSL certificates issued by DigiNotar. These fraudulent SSL certificates could be used by an attacker to masquerade as legitimate sites. Mozilla has released Firefox 3.6.22 and Firefox 6.0.2 to address this issue. Additional...
Apple Releases iOS 4.3.5 and iOS 4.2.10
Apple has released iOS 4.3.5 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.10 for the iPhone CDMA model to address a vulnerability. This vulnerability may allow an attacker with a privileged network position to capture or modify data in SSL/TLS sessions. US-CERT encourages users and...
RIM Releases Security Advisory for BlackBerry PlayBook
RIM has released a security advisory to address vulnerabilities in the Adobe Flash Player version included with the BlackBerry PlayBook tablet software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users and...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for four products to address multiple vulnerabilities. These products include Cisco Unified IP phones, Cisco Network Registrar, Cisco AnyConnect Secure Mobility Client, and Cisco Media Experience. Exploitation of the vulnerabilities may allow an attacker to...
WebGL Security Risks
US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes denial of service and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari. US-CER...
Apple Releases iOS 4.3.3
Apple released iOS 4.3.3 for the iPhone, iPod Touch, and iPad to address location tracking history capabilities. This update specifically addresses two bugs in iOS that resulted in the devices storing historical location data for too long. US-CERT encourages users and administrators to review App...
WordPress Releases Version 3.1.2
WordPress has released WordPress 3.1.2 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.2 and apply any necessary updates to hel...
RealNetworks, Inc. Releases Update for Helix Server and Helix Mobile Server
RealNetworks, Inc. has released a security update for multiple vulnerabilities affecting Helix Server and Helix Mobile Server. The vulnerabilities affect versions 12.x, 13.x, and 14.x of Helix Server and Helix Mobile Server installed on Red Hat Enterprise Linux 5, Sun Solaris 10, Windows 2003, an...
Mozilla Releases Updates for Firefox, Thunderbird, and SeaMonkey
The Mozilla Foundation has released Firefox 3.6.14 and Firefox 3.5.17 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site request forgery attacks, cause a denial-of-service condition, or operate with elevat...
Adobe Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe had issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on February 8, 2011. An update for UNIX will be available the...
WordPress.org has released WordPress 3.0.4
WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session. US-CERT encourages users and administrators to review the WordPress.org...
Microsoft Releases August Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight as part of the Microsoft Security Bulletin Summary for August 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges...
Apple Releases iTunes 9.2
Apple has released iTunes 9.2 for Windows systems to address multiple vulnerabilities affecting the ColorSync, ImageIO, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
Adobe has released a security advisory to notify users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active...
Microsoft Re-Releases Security Update for MS10-025
Microsoft has re-released the security update related to Microsoft security bulletin MS10-025. This vulnerability affects Windows Media Services running on Windows 2000 Server. The original release of this update had been revoked last week because it did not effectively correct the underlying...
VideoLAN Releases Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address multiple vulnerabilities in VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review VideoLAN security advisory...
Apple Releases Safari 4.0.5
Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions...
Energizer DUO USB Battery Charger Software Allows Remote System Access
US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows an...
Microsoft Releases Security Advisory 979352
Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitatio...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability; CVE-2025-48595: Android Framework Integer Overflow Vulnerability. The...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-49113: RoundCube Webmail Deserialization of Untrusted Data Vulnerability; CVE-2025-68461: RoundCube Webmail Cross-site Scripti...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20805: Microsoft Windows Information Disclosure Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actor...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8110: Gogs Path Traversal Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significan...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54236: Adobe Commerce and Magento Improper Input Validation Vulnerability; CVE-2025-59287: Microsoft Windows Server Update...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-8069: Citrix Session Recording Deserialization of Untrusted Data Vulnerability; CVE-2024-8068: Citrix Session Recording...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309: CrushFTP Unprotected Alternate Channel Vulnerability; CVE-2025-6558: Google Chromium ANGLE and GPU Improper Input...