Google Releases Update for Chrome

Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome Release blog ent...

WordPress Releases Update for WordPress 3.7

WordPress has released WordPress 3.7 “Basie” for all previous versions. This version has been devised to automatically update with the latest maintenance and security releases, making the process more reliable and secure, with dozens of new checks and safeguards. WordPress 3.7 also updates the...

Oracle Releases Critical Patch Update for July 2012

Oracle has released its Critical Patch Update for July 2012 to address 87 vulnerabilities across multiple products. This update contains the following security fixes: 4 for Oracle Database Server 1 for Oracle Application Express Listener 2 for Oracle Secure Backup 22 for Oracle Fusion Middleware ...

Microsoft Releases December Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for December 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges...

Apple Releases Safari 5.0.4

Apple has released Safari 5.0.4 to address multiple vulnerabilities in the ImageIO, libxml, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. US-CE...

Microsoft Releases March Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2011. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletin an...

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released security updates for Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including those described in security advisory APSA10-05, a recent Adobe PSIRT blog entry, and security bulletin APSB10-26. Exploitation of these vulnerabilities ma...

Mozilla Releases Firefox 3.6.11

The Mozilla Foundation has released Firefox 3.6.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.14 to address...

Mozilla Releases Firefox 3.5.13 and 3.6.10

The Mozilla Foundation has released Firefox 3.5.13 and 3.6.10 to address a stability issue affecting some users. US-CERT encourages users and administrators to review the release notes for Firefox 3.5.13 and Firefox 3.6.10 and apply any necessary updates to mitigate the issue. This product is...

Adobe Releases Flash 10.1

Adobe has released a Security Bulletin to address vulnerabilities in Adobe Flash Player 10.0.45.2 and earlier versions and in Adobe AIR 1.5.3.9130 and earlier versions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition...

Microsoft Releases March Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2010. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletins...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-45247link is external Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-6973link is external Ivanti Endpoint Manager Mobile EPMM Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-41940link is external WebPros cPanel & WHM and WP2 WordPress Squared Missing Authentication for Critical Function Vulnerability This type of vulnerability is...

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2012-1854link is external Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability CVE-2020-9715link is external Adobe Acrobat...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1340link is external Ivanti Endpoint Manager Mobile EPMM Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious...

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-43468link is external Microsoft Configuration Manager SQL Injection Vulnerability CVE-2025-15556link is external Notepad++ Download of Code Without...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14733link is external WatchGuard Firebox Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors...

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-350-01 Güralp Systems FMUS Fortimus Series and MIN Minimus Series ICSA-25-350-02 Johnson Controls PowerG,...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14174link is external Google Chromium Out-of-Bounds Memory Access Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-4063link is external Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability This type of vulnerability is a frequent...

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-338-01 Mitsubishi Electric GX Works2 ICSA-25-338-02 MAXHUB Pivot ICSA-25-338-03 Johnson Controls OpenBlue...

CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology

CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to hel...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-336-01 Industrial Video & Control Longwatch ICSA-25-336-02 Iskra iHUB and iHUB Lite ICSMA-25-336-01 Mirio...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-26829link is external OpenPLC ScadaBR Cross-site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors an...

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications apps.1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app...

CISA and Partners Release Advisory Update on Akira Ransomware

Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-21042link is external Samsung Mobile Devices Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-308-01 Fuji Electric Monitouch V-SFT-6 ICSA-25-308-02 Survision License Plate Recognition Camera...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-303-01 International Standards Organization ISO 15118-2 ICSA-25-303-02 Hitachi Energy TropOS CISA encourages users an...

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on October 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-289-01 Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-5086link is external Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector f...

CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability

Today, CISA issued Emergency Directive ED 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786link is external, a vulnerability in Microsoft Exchange server hybrid deployments. ED 25-02 directs all Federal Civilian Executive Branch FCEB agencies with Microsoft Exchange...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-49704link is external Microsoft SharePoint Code Injection Vulnerability CVE-2025-49706link is external Microsoft SharePoint Improper Authentication...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-34028link is external Commvault Command Center Path Traversal Vulnerability CVE-2024-58136link is external Yiiframework Yii Improper Protection of Alternate Pa...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-31200link is external Apple Multiple Products Memory Corruption Vulnerability CVE-2025-31201link is external Apple Multiple Products Arbitrary Read and Write...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on March 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-079-01 Schneider Electric EcoStruxure™ ICSA-25-079-02 Schneider Electric Enerlin’X IFE...

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS advisories on January 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-021-01 Traffic Alert and Collision Avoidance System TCAS II ICSA-25-021-02 Siemens...

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on December 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-345-01 MOBATIME Network Master Clock ICSA-24-345-02 Schneider Electric EcoStruxure...

Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-324-01 Mitsubishi Electric MELSEC iQ-F Series CISA encourages users and administrators ...

Microsoft Releases November 2024 Security Updates

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...

Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager LTM module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network...

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

Today, the Australian Signals Directorate Australian Cyber Security Centre ASD ACSC, the Cybersecurity and Infrastructure Security Agency CISA, and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromiseslink is external. This guide...

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition. CISA encourages users and administrators to review the following and apply necessary...

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS advisories on September 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-268-01 OPW Fuel Management Systems SiteSentinel ICSA-24-268-02 Alisonic Sibylla...

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices ICSA-24-261-02 Millbeck Communications...

New CISA Plan Aligns Federal Agencies in Cyber Defense

Today, the Cybersecurity and Infrastructure Security Agency CISA released the Federal Civilian Executive Branch FCEB Operational Cybersecurity Alignment FOCAL Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational...

Microsoft Releases September 2024 Security Updates

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...