Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign

Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative JCDC—uncovers an advanced persistent threat APT campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Security Advisories webpage and apply the...

OpenSSL Releases Security Update

OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary updat...

Apple Releases Security Updates

Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple security pages...

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Exim Releases Security Update

Exim has released a security update to address a vulnerability affecting Exim versions 4.92 to 4.92.2. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

ISC Releases BIND Security Updates

The Internet Systems Consortium ISC has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Adobe Releases Security Updates for Reader, Acrobat, and Flash Player

Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins...

Security Advisory for Adobe Flash Player

Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability CVE-2015-0311 in 16.0.0.287 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system. Users and administrators are encouraged to...

Security Updates Available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system. Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20182link is external Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicio...

CISA Releases Three Industrial Control Advisories

CISA has released three 3 Industrial Control Systems ICS advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...

Samba Releases Security Updates 

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements...

Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager

Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Owl Labs Releases Security Updates for Meeting Owl Pro and Whiteboard Owl

Owl Labs has released security updates to address a vulnerability CVE-2022-31460 in Meeting Owl Pro and Whiteboard Owl. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Owl Labs security advisories for Meeting Owl...

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrato...

CISA Releases Security Advisory for Philips Vue PAC Products

CISA has released an Industrial Controls Systems ICS Medical Advisory detailing multiple vulnerabilities in multiple Philips Clinical Collaboration Platform Portal officially registered as Vue PACS products. An attacker could exploit some of these vulnerabilities to take control of an affected...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

Google Releases Security Updates for Chrome

Google has released Chrome Version 88.0.4324.150 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

Palo Alto Releases Security Updates for PAN-OS

Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure...

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructur...

Microsoft Releases Security Advisory for Microsoft XML Core Services

Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory,...

Russian State-Sponsored Actors Target Cleared Defense Contractor Networks

CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA highlighting regular targeting of U.S. cleared defense contractors CDCs by Russian state-sponsored cyber actors. These CDCs support contracts for the U.S. Departmen...

CISA Releases Security Advisory for Airspan Networks Mimosa

CISA has released an Industrial Controls Systems Advisory ICSA that details vulnerabilities in the Airspan Networks Mimosa product line. An attacker could exploit these vulnerabilities to achieve remote code execution, create a denial-of-service condition, or obtain sensitive information. CISA...

Samba Releases Security Update

The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the...

CISA Releases Advisory on ZOLL Defibrillator Dashboard

CISA has released an Industrial Controls Systems ICS Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS...

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and...

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for...

Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software

Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. The Cybersecurity and...

Exim Releases Security Patches

Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review th...

Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability

Microsoft has released a security update to address an elevation of privilege vulnerability CVE-2019-1162 in Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...

Mozilla Releases Security Updates

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.2 and ESR...

IRS Warns Tax Professionals of New Scam to Steal Passwords

The Internal Revenue Service IRS, acting in concert with state tax agencies and the tax industry, has issued an IRS Security Summit Alert for tax professionals to beware of a new phishing email scam. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials...

Oracle Releases Security Update for Java SE

Oracle has released Java SE 8u77 to address a vulnerability in prior versions of the software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle security alert and apply the necessary...

CISA Adds Five Known Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerabilit...

NSA Releases Network Infrastructure Security Guidance

The National Security Agency NSA has released a new Cybersecurity Technical Report CTR: Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter an...

CISA Publishes Infographic on Layering Network Security Through Segmentation

CISA has published an infographic to emphasize the importance of implementing network segmentation—a physical or virtual architectural approach that divides a network into multiple segments, each acting as its own subnetwork, to provide additional security and control that can help prevent or...

CISA Releases Security Advisory for ThroughTek Kalay P2P SDK

CISA has released an Industrial Control Systems ICS advisory detailing a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit SDK. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrator...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and...

Google Releases Security Updates for Chrome

Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

Samba Releases Security Updates

The Samba Team has released security updates to address a vulnerability in all versions of Samba from 4.9.0 onward. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Microsoft Releases Security Update

Microsoft has released a security update to address a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply t...

VMWare Releases Security Updates

VMware has released a security update to address vulnerabilities in vSphere Hypervisor ESXi, Workstation Pro, Workstation Player, Fusion, and Tools. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and...

Oracle Releases Security Updates for Java

Oracle has released security updates to address a vulnerability in Java SE versions 6, 7, and 8 for Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle security alert and apply...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Updated June 5, 2025 CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA learned that CVE-2025-4664 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of action is to...

CISA Releases Three Industrial Control Systems Advisories

CISA has released three 3 Industrial Control Systems ICS advisories on December 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories...

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Today, CISA and the Federal Bureau of Investigation FBI published a joint Cybersecurity Advisory CSA, Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch...

CISA Releases Security Advisory for Honeywell Experion and ACE Controllers

CISA has released an Industrial Controls Systems ICS advisory detailing multiple vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers. A remote attacker could exploit some of these vulnerabilities to take control of an affect...