4188 matches found
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrator...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2018-1050 an...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability CVE-2015-5119 in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20182link is external Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicio...
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address a vulnerability CVE-2022-32893 in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation. Exploitation of this vulnerability could allow an attacker to take control of affected device. CISA encourages...
CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise
CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally,...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor formerly XenServer. An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the...
North Korean Malicious Cyber Activity: AppleJeus
CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports MARs on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S...
NCIJTF Releases Ransomware Factsheet
The National Cyber Investigative Joint Task Force NCIJTF has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts...
Google Releases Security Updates for Chrome
Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. T...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Apache...
Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software
Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol DVMRP feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A...
Apache Releases Security Advisory for Apache Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
The National Security Agency NSA has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agenc...
Apache Releases Security Advisory for Apache Struts
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC...
Apache Releases Security Update for Apache Tomcat JK Connectors
The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review the...
ISC Releases Security Advisories for DHCP, BIND
The Internet Systems Consortium ISC has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol DHCP and Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-352-01 Inductive Automation Ignition ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
MS-ISAC Releases Advisory on DrayTek Devices
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory regarding two vulnerable command injection points in DrayTek devices CVE-2020-8515. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...
NCSC-NZ Releases Cyber Governance Resource for Leaders
The New Zealand National Cyber Security Centre NCSC-NZ has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with...
ISC Releases BIND Security Updates
The Internet Systems Consortium ISC has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information. US-CERT encourages users and administrators to review the Samba Security Announcements for...
Enhanced Analysis of GRIZZLY STEPPE
The Department of Homeland Security DHS has released an Analysis Report AR related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to...
ISC dhclient Vulnerability
The Internet Systems Consortium ISC has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine. US-CERT encourages administrators of this product to review the ISC advisory. Users ...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain BIND 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories...
NSA Releases Network Infrastructure Security Guidance
The National Security Agency NSA has released a new Cybersecurity Technical Report CTR: Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter an...
CISA Announces Vulnerability Disclosure Policy (VDP) Platform
CISA has announced the establishment of its Vulnerability Disclosure Policy VDP Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a...
CISA Begins Cataloging Bad Practices that Increase Cyber Risk
In a blog post by Executive Assistant Director EAD Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critic...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Samba Securi...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-7399link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726link is external SimpleHelp Missing Authorization Vulnerability...
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps
The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team CERT Polska’s Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actors targeted and compromised operational...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on August 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-224-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-224-02 Johns...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisories for Firefox 85,...
CERT/CC Reports Vulnerability in Universal Plug and Play Protocol
The CERT Coordination Center CERT/CC has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play UPnP protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Mozilla Security...
Microsoft Releases Out-of-Band Security Updates
Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The National Cybersecurity and...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Updated November 8, 2024 CISA has removed the following vulnerability from its Known Exploited Vulnerabilities Catalog, due to a transcription error: CVE-2021-4043link is external Motion Spell GPAC Null Pointer Dereference Vulnerability End of Update CISA has added four new vulnerabilities to its...
Exim Releases Security Update
Exim has released a security update to address a vulnerability affecting Exim versions 4.92 to 4.92.2. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Security Updates Available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system. Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in...
Microsoft Releases Security Advisory for Microsoft XML Core Services
Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory,...
Microsoft Releases June Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, and Dynamics AX as part of the Microsoft Security Bulletin Summary for June 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-42897link is external Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory CSA, Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with threat actors...