4188 matches found
Google Releases Chrome 5.0.375.86
Google has released Chrome 5.0.375.86 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks. US-CERT encourages users and administrators to review the Google Chrome Releases bl...
Microsoft Windows Help and Support Center Vulnerability
US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands. US-CERT encourages users a...
Google Releases Chrome 4.1.249.1064
Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory...
VMware Releases Security Advisory VMSA-2010-0007
VMware has released security advisory VMSA-2010-0007 to address multiple vulnerabilities in VMware hosted products, vCENTER Server and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cau...
Microsoft Re-Releases Security Bulletin MS10-015
Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to...
Microsoft Releases Security Advisory to Address VBScript Vulnerability
Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document web page...
Google Releases Chrome 4.0.249.89
Google has released Chrome 4.0.249.89 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Microsoft Releases Cumulative Security Update for Internet Explorer
Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-35616link is external - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3502link is external TrueConf Client Download of Code Without Integrity Check Vulnerability This type of vulnerability is a frequent attack vector for...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3909link is external Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910link is external Google Chromium V8 Unspecified Vulnerability These types o...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-24858link is external Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability This type of vulnerability is a...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14847link is external MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability This type of vulnerability is a frequent...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS Advisory. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems Update B CISA encourages users and administrators to...
NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment
The Cybersecurity and Infrastructure Security Agency CISA and National Institute of Standards and Technology NIST have released an initial draft of Interagency Report IR 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report ...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-20393link is external Cisco Multiple Products Improper Input Validation Vulnerability CVE-2025-40602link is external SonicWall SMA1000 Missing...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-343-01 Universal Boot Loader U-Boot ICSA-25-343-02 Festo LX Appliance ICSA-25-343-03 Multiple India-Base...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-26828link is external OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability This type of vulnerability is a frequent attack vector fo...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-310-01 Advantech DeviceOn iEdge ICSA-25-310-02 Ubia Ubox ICSA-25-310-03 ABB FLXeon Controllers...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11371link is external Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability CVE-2025-48703link is external CWP...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-43798link is external Grafana Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-20281link is external Cisco Identity Services Engine Injection Vulnerability CVE-2025-20337link is external Cisco Identity Services Engine Injection...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4427link is external Ivanti Endpoint Manager Mobile EPMM Authentication Bypass Vulnerability CVE-2025-4428link is external Ivanti Endpoint Manager Mobile EPMM...
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 within FortiGate products. This malicious file could enable read-only access to files on the device's file system, which may include...
Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)
Ivanti released security updates to address vulnerabilities CVE-2025-22457 in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system. CISA has added CVE-2025-22457 to its Known Exploited Vulnerabilities Catalog...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24813link is external Apache Tomcat Path Equivalence Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation...
CISA and Partners Release Advisory on Ghost (Cring) Ransomware
Today, CISA—in partnership with the Federal Bureau of Investigation FBI and Multi-State Information Sharing and Analysis Center MS-ISAC—released a joint Cybersecurity Advisory, StopRansomware: Ghost Cring Ransomware. This advisory provides network defenders with indicators of compromise IOCs,...
CISA Releases Best Practice Guidance for Mobile Communications
Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China PRC government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28461link is external Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on October 31, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-305-01 Rockwell Automation FactoryTalk ThinManager ICSA-24-030-02 Mitsubishi Electric...
Microsoft Releases July 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...
CISA and FBI Release Advisory on ALPHV Blackcat Affiliates
Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory CSA, StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures TTPs and indicators of compromise IOCs identified through FBI investigations as...
CISA Removes One Known Exploited Vulnerability From Catalog
CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Execution...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability These types of vulnerabilities are freque...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29552 Service Location Protocol SLP Denial-of-Service Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pos...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41991 Apple Multiple Products Improper Certificate Validation Vulnerability CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation Vulnerability...
CISA Adds One Known Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26369 Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds One Known Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33246 Apache RocketMQ Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...
CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
The Cybersecurity and Infrastructure Security Agency CISA has released an update to a previously published Cybersecurity Advisory CSA, Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations...
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved
Juniper Networks has released a security advisory to address a vulnerability for Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Juniper’s Support Portallink is external...
CISA’s VDP Platform 2022 Annual Report Showcases Success
Today, the Cybersecurity and Infrastructure Security Agency CISA released its inaugural Vulnerability Disclosure Policy VDP Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch FCEB. This...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly...
CISA Releases ESXiArgs Ransomware Recovery Script
CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines VMs unusable. CISA recommends organizations impacted by ESXiArgs evaluate t...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on February 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms
Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on January 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Mozilla Releases Security Updates for Thunderbird and Firefox
Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6,...