4188 matches found
CISA Releases Three Industrial Control Advisories
CISA has released three 3 Industrial Control Systems ICS advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager
Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Owl Labs Releases Security Updates for Meeting Owl Pro and Whiteboard Owl
Owl Labs has released security updates to address a vulnerability CVE-2022-31460 in Meeting Owl Pro and Whiteboard Owl. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Owl Labs security advisories for Meeting Owl...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrato...
Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign
Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative JCDC—uncovers an advanced persistent threat APT campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...
CISA Releases Security Advisory for Airspan Networks Mimosa
CISA has released an Industrial Controls Systems Advisory ICSA that details vulnerabilities in the Airspan Networks Mimosa product line. An attacker could exploit these vulnerabilities to achieve remote code execution, create a denial-of-service condition, or obtain sensitive information. CISA...
CISA Releases Best Practices for Mapping to MITRE ATT&CK®
As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Security Advisories webpage and apply the...
OpenSSL Releases Security Update
OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary updat...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for...
Apple Releases Security Updates
Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple security pages...
Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability
Microsoft has released a security update to address an elevation of privilege vulnerability CVE-2019-1162 in Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
ISC Releases BIND Security Updates
The Internet Systems Consortium ISC has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA...
Adobe Releases Security Updates for Reader, Acrobat, and Flash Player
Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins...
Security Advisory for Adobe Flash Player
Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability CVE-2015-0311 in 16.0.0.287 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system. Users and administrators are encouraged to...
2025 CWE Top 25 Most Dangerous Software Weaknesses
The Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Homeland Security Systems Engineering and Development Institute HSSEDI, operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesseslink is...
Ivanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager
Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager vTM. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements...
Samba Releases Security Update
The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the...
Citrix Releases Security Updates
Citrix has released security updates to address multiple vulnerabilities in Application Delivery Controller, Gateway, and SD-WAN WANOP Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix...
CISA Releases Security Advisory for Philips Vue PAC Products
CISA has released an Industrial Controls Systems ICS Medical Advisory detailing multiple vulnerabilities in multiple Philips Clinical Collaboration Platform Portal officially registered as Vue PACS products. An attacker could exploit some of these vulnerabilities to take control of an affected...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
Google Releases Security Updates for Chrome
Google has released Chrome Version 88.0.4324.150 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...
Palo Alto Releases Security Updates for PAN-OS
Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructur...
Exim Releases Security Patches
Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review th...
Mozilla Releases Security Updates
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.2 and ESR...
IRS Warns Tax Professionals of New Scam to Steal Passwords
The Internal Revenue Service IRS, acting in concert with state tax agencies and the tax industry, has issued an IRS Security Summit Alert for tax professionals to beware of a new phishing email scam. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-21182link is external Oracle WebLogic Server Unspecified Vulnerability This type of vulnerability is a frequent attack vectors for malicious cyber actors and...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-22054link is external Omnissa Workspace ONE Server-Side Request Forgery CVE-2025-26399link is external SolarWinds Web Help Desk Deserialization of...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-52163link is external Digiever DS-2105 Pro Missing Authorization Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Updated June 5, 2025 CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA learned that CVE-2025-4664 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of action is to...
Russian State-Sponsored Actors Target Cleared Defense Contractor Networks
CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA highlighting regular targeting of U.S. cleared defense contractors CDCs by Russian state-sponsored cyber actors. These CDCs support contracts for the U.S. Departmen...
NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures
CISA has announced the joint National Security Agency NSA and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known ...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and...
CISA Releases Advisory on ZOLL Defibrillator Dashboard
CISA has released an Industrial Controls Systems ICS Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and...
Samba Releases Security Updates
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review...
Oracle Releases Security Update for Java SE
Oracle has released Java SE 8u77 to address a vulnerability in prior versions of the software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle security alert and apply the necessary...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-31431link is external Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability This type of vulnerability is a frequent attack vector for...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on February 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-035-01 Western Telematic Inc NPS Series, DSM Series, CPM Series ICSA-25-035-02 Rockwe...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-7971link is external Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and po...
ISC Releases Security Advisories for BIND 9
The Internet Systems Consortium ISC released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain BIND 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and...
#StopRansomware: Daixin Team
CISA, the Federal Bureau of Investigation FBI, and the Department of Health and Human Services HHS have released a joint Cybersecurity Advisory CSA, StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the...
CISA Publishes Infographic on Layering Network Security Through Segmentation
CISA has published an infographic to emphasize the importance of implementing network segmentation—a physical or virtual architectural approach that divides a network into multiple segments, each acting as its own subnetwork, to provide additional security and control that can help prevent or...
CISA Releases Security Advisory for ThroughTek Kalay P2P SDK
CISA has released an Industrial Control Systems ICS advisory detailing a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit SDK. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrator...
BadAlloc Vulnerability Affecting Devices Incorporating Older BlackBerry QNX Products
CISA released an Alert today on devices incorporating older versions of multiple BlackBerry QNX products affected by a BadAlloc vulnerability. A malicious actor could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. Because devices...
SonicWall Releases Additional Patches
SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system. CISA encourages users and administrator...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and...
Google Releases Security Updates for Chrome
Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...