4188 matches found
Microsoft Releases February Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for February 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-35273link is external Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability This type of vulnerability is a...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-9082link is external Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-1708link is external ConnectWise ScreenConnect Path Traversal Vulnerability CVE-2026-32202link is external Microsoft Windows Protection Mechanism Failure...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-34197link is external Apache ActiveMQ Improper Input Validation Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber acto...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-364-01: WHILL C2 Wheelchairs ICSA-25-345-03: AzeoTech DAQFactory Update A CISA encourages users and...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-324-01 Automated Logic WebCTRL Premium Server ICSA-25-324-02 ICAM365 CCTV Camera Multiple Models...
CISA Releases 18 Industrial Control Systems Advisories
CISA released 18 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-9242link is external WatchGuard Firebox Out-of-Bounds Write Vulnerability CVE-2025-12480link is external Gladinet Triofox Improper Access Control...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-6204link is external Dassault Systèmes DELMIA Apriso Code Injection Vulnerability CVE-2025-6205link is external Dassault Systèmes DELMIA Apriso Missing...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-61932link is external Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability This type of vulnerability is ...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on October 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-287-01 Rockwell Automation 1715 EtherNet/IP Comms Module CISA encourages users and...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS Advisories on October 9, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-282-01 Hitachi Energy Asset Suite ICSA-25-282-02 Rockwell Automation Lifecycle Service...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on October 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-280-01 Delta Electronics DIAScreen ICSA-25-226-31 Rockwell Automation 1756-EN4TR,...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on October 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-275-01 Raise3D Pro2 Series 3D Printers ICSA-25-275-02 Hitachi Energy MSM Product CISA...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on September 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-266-01 AutomationDirect CLICK PLUS ICSA-25-266-02 Mitsubishi Electric MELSEC-Q Serie...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on September 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-261-01 Westermo Network Technologies WeOS 5 ICSA-25-261-02 Westermo Network...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on September 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-259-01 Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-50224link is external TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability CVE-2025-9377link is external TP-Link Archer C7EU and TL-WR841N/NDM...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2020-24363link is external TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability CVE-2025-55177link is external Meta Platforms WhatsApp...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on August 28, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-240-01 Mitsubishi Electric MELSEC iQ-F Series CPU Module ICSA-25-240-02 Mitsubishi...
CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems
CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China PRC state-sponsored Advanced Persistent Threat APT actors targeting critical infrastructure across sectors and continen...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-43300link is external Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyb...
CISA Releases Thirty-Two Industrial Control Systems Advisories
CISA released thirty-two Industrial Control Systems ICS advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager ICSA-25-226-02 Siemens COMOS...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2020-25078link is external D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability CVE-2020-25079link is external D-Link DCS-2530L and DCS-2670L...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-48927link is external TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability CVE-2025-48928link is external TeleMessage TM...
CISA Releases Cybersecurity Advisory on SimpleHelp RMM Vulnerability
Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider. This advisory is in response to ransomware actors targeting customers of a utility billing software provider through...
Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)
Commvault is monitoring cyber threat activity targeting their applications hosted in their Microsoft Azure cloud environment. Threat actors may have accessed client secrets for Commvault’s Metallic Microsoft 365 M365 backup software-as-a-service SaaS solution, hosted in Azure. This provided the...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-4632link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actor...
Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware
Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators of compromise IOCs linked to threat actors deploying LummaC2...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-140-01 ABUP IoT Cloud Platform ICSA-25-140-02 National Instruments Circuit Design Sui...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on April 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-114-01 Schneider Electric Modicon Controllers ICSA-25-114-02 ALBEDO Telecom Net.Time -...
CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise
CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may ...
CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure
CISA has published a Malware Analysis Report MAR with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA1link is external malware variant, including surviving reboots; however, RESURGE contains...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on March 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert PME Update A CISA encourages...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on March 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-077-01 Schneider Electric EcoStruxure Power Automation System User Interface EPAS-UI...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-23209link is external Craft CMS Code Injection Vulnerability CVE-2025-0111link is external Palo Alto Networks PAN-OS File Read Vulnerability These types of...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0108link is external Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704link is external SonicWall SonicOS SSLVPN Improper Authentication...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40891link is external Zyxel DSL CPE OS Command Injection Vulnerability CVE-2024-40890link is external Zyxel DSL CPE OS Command Injection Vulnerability...
Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability CVE-2025-0994 discovered by Trimble impacting its Cityworks Server AMS Asset Management System. Trimble has released security updates and an advisory addressing a recently discovered...
Fortinet Releases Security Updates for Multiple Products
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Fortin...
Microsoft Releases January 2025 Security Updates
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates:...
CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet
Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence AI cybersecurity. The playbook provides voluntary information-sharing processes...
CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on January 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-010-01 Schneider Electric PowerChute Serial Shutdown ICSA-25-010-02 Schneider Electri...
CISA Releases the Cybersecurity Performance Goals Adoption Report
Today, CISA released the Cybersecurity Performance Goals Adoption Report to highlight how adoption of Cybersecurity Performance Goals CPGs benefits our nation’s critical infrastructure sectors. Originally released in October 2022, CISA’s CPGs are voluntary practices that critical infrastructure...
Fortinet Releases Security Updates for FortiManager
Fortinet released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply the necessary...
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on December 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software ICSA-24-340-02 Planet Technolo...
CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers
Today, CISA—in partnership with the National Security Agency NSA, the Federal Bureau of Investigation FBI, and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include: Australian Signals...