Adobe Releases Security Bulletin for Critical Vulnerabilities in Shockwave Player
Adobe has released security bulletin APSB11-17 to alert users of critical vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...
Video Game Phishing
US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third-party developers that a...
Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity...
Adobe Releases Security Updates for Reader and Acrobat
Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe...
Apple Releases iTunes 10.2
Apple has released iTunes 10.2 to address multiple vulnerabilities affecting the ImageIO, libxml, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to revie...
Google Releases Chrome 9.0.597.107
Google has released Chrome 9.0.597.107 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...
Cisco Releases Security Advisory for Tandberg E, EX, and C Series Endpoints
Cisco has released a security advisory to address a vulnerability in the Tandberg C Series Endpoints and E/EX Personal Video units running software versions prior to TC4.0.0. This vulnerability may allow an attacker to gain administrative access to the device. US-CERT encourages users and...
Apple Releases Mac OS X v10.6.6
Apple has released Mac OS X v10.6.6 to address a vulnerability affecting PackageKit. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4498 and apply any...
Microsoft WMI Administrative Tool ActiveX Control Vulnerability
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the...
Microsoft Releases December Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and Exchange as part of the Microsoft Security Bulletin Summary for December 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated...
WordPress Releases Version 3.0.3
WordPress has released WordPress 3.0.3 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.0.3 and apply any necessary updates to hel...
Apple Releases QuickTime 7.6.9
Apple has released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple article...
WordPress Releases WordPress 3.0.2
WordPress has released WordPress 3.0.2 to address a vulnerability that may allow a malicious Author-level user to gain further access to the site, to fix multiple software bugs, and to provide additional security enhancements. US-CERT encourages users and administrators to review the WordPress bl...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help...
Linux Root Access Vulnerabilities
US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges. The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram...
Apple Releases Java for Mac OS X 10.5 Update 8 and Java for Mac OS X 10.6 Update 3
Apple has released Java for Mac OS X 10.5 update 8 and Java for Mac OS X 10.6 update 3 to address multiple vulnerabilities affecting the Java package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages...
Microsoft Releases Security Bulletin MS10-070
Microsoft has released Microsoft Security Bulletin MS10-070 to address a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages users and administrators to review Microsoft Security Bulletin...
Apple Releases Security Update 2010-006
Apple has released security update 2010-006 for Mac OS X and Mac OS X Server to address a vulnerability in the AFP package. This vulnerability may allow an attacker to bypass password validation and obtain sensitive information. The article indicates that this vulnerability does not affect system...
Microsoft Releases Security Advisory 2416728
Microsoft has released a security advisory to alert users of a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages administrators to review Microsoft security advisory 2416728 and apply a...
Apple Releases iTunes 10
Apple has released iTunes 10 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4328 and apply any...
Google Releases Chrome 5.0.375.126
Google has released Chrome 5.0.375.126 for Linux, Mac, and Windows. Chrome 5.0.375.126 contains an updated version of the Flash plugin which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...
Adobe Releases Security Update for Flash Player
Adobe has released Flash Player 10.1.82.76 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. These vulnerabilities also affect Adobe AIR 2.0.2.12310 and earlier versions. US-CERT encourages users and...
Cisco Releases Security Advisory for Firewall Services Module
Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco security advisory...
Apple Releases Security Update 2010-004 and Mac OS X v10.6.4
Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct...
Microsoft Releases June Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevate...
Microsoft Releases May Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...
Foxit Releases Foxit Reader 3.3
The Foxit Corporation has released Foxit Reader 3.3 for Windows. This release of Foxit Reader contains a component called Trust Manager. Foxit Reader release notes indicate that the Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection,...
Opera Software Releases Opera 10.53
Opera Software has released Opera 10.53 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Opera Software security advisory related to this vulnerability and upgrade to Opera 10....
Microsoft Revokes Security Update
The Microsoft Security Response Center has posted a blog entry indicating that it has revoked the update related to Microsoft security bulletin MS10-025 because it does not effectively correct the underlying vulnerability. This vulnerability affects Windows Media Services running on Windows 2000...
Foxit Reader 3.2.1.0401 Released
The Foxit Corporation has released Foxit Reader 3.2.1.0401 to address a critical vulnerability. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Foxit notice regarding the release a...
Apple Releases Security Update 2010-002 and Mac OS X v10.6.3
Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security...
Cisco Releases Security Advisories for IOS Software
Cisco has released a bundled publication, which contains seven security advisories, to address multiple vulnerabilities in Cisco IOS Software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators ...
Mozilla Releases Firefox 3.6.2
The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code. US-CERT encourages users and administrators to do the following to help mitigate the risks: Review the Firefox 3.6....
Adobe Releases Security Bulletins for Acrobat, Reader, and Flash Player
Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an...
Cisco Releases Security Advisory for Unified MeetingPlace
Cisco has released a security advisory to address multiple vulnerabilities in Unified MeetingPlace. These vulnerabilities may allow a remote, unauthenticated attacker to obtain sensitive information, manipulate configuration data, create unauthorized accounts, operate with elevated privileges or...
IRS Warns of Online Scams
US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to...
Oracle Releases Critical Patch Update for January 2010
Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products. This update contains the following security fixes: 10 for Oracle Database; 3 for Oracle Application Server; 3 for the Oracle Applications Suite; 1 for PeopleSoft and JD Edwards Suite...
VMware Releases Multiple Updates for ESX
VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services (NSS) and Netscape Portable Runtime (NSPR). Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2009-0238: Microsoft Office Remote Code Execution Vulnerability; CVE-2026-32201: Microsoft SharePoint Server Improper Input...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-31125: Vite Vitejs Improper Access Control Vulnerability; CVE-2025-34026: Versa Concerto Improper Authentication Vulnerabilit...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6218: RARLAB WinRAR Path Traversal Vulnerability; CVE-2025-62221: Microsoft Windows Use After Free Vulnerability. These types o...
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2010-3765: Mozilla Multiple Products Remote Code Execution Vulnerability; CVE-2010-3962: Microsoft Internet Explorer Uninitialize...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-6278: GNU Bash OS Command Injection Vulnerability; CVE-2015-7755: Juniper ScreenOS Improper Authentication Vulnerability...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-205-01 Mitsubishi Electric CNC Series; ICSA-25-205-02 Network Thermostat X-Series WiFi...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2014-3931: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability; CVE-2016-10033: PHPMailer Command Injection Vulnerabilit...
Ivanti Releases Security Updates for Multiple Products
Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Avalanche...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-14933: NUUO NVRmini Devices OS Command Injection Vulnerability; CVE-2022-23227: NUUO NVRmini 2 Devices Missing Authentication...
Citrix Releases Security Updates for NetScaler and Citrix Session Recording
Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9537: ScienceLogic SL1 Unspecified Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...