CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-3079 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R...

CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)

Today, CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, and the Multi-State Information Sharing and Analysis Center MS-ISAC published an updated version of the StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initia...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on May 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-143-01 Hitachi Energy AFS65x, AFS67x, AFR67x and AFF66x Products ICSA-23-143-02 Hitachi...

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-136-01 Snap One OvrC Cloud ICSA-23-136-02 Rockwell ArmorStart ICSA-23-136-03 Rockwell...

CISA and Partners Release BianLian Ransomware Cybersecurity Advisory

CISA, the Federal Bureau of Investigation FBI, and the Australian Cyber Security Centre ACSC have released a joint Cybersecurity Advisory CSA with known BianLian ransomware and data extortion group technical details. Microsoft and Sophos contributed to the advisory. To reduce the likelihood and...

CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability

CISA and FBI have released a joint Cybersecurity Advisory CSA, Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability CVE-2023-27350. FBI observed malicious actors exploit CVE-2023-27350...

Microsoft Releases May 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2023 Security Update Guidelink is external and...

CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors

Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and...

Mozilla Releases Security Advisories for Multiple Products

Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and appl...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on May 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-129-02 Hitachi Energy MSM ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series Update F CISA...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on May 4, 2023.This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on April 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-115-01 Keysight N8844A Data Analytics Web Service ICSA-23-115-02 Scada-LTS Third Party...

CISA Releases Two SBOM Documents

Today, CISA released two community-drafted documents around Software Bill of Materials SBOM: Types of SBOM documents and Minimum Requirements for Vulnerability Exploitability eXchange VEX. The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, alo...

VMware Releases Security Update for Aria Operations for Logs

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs formerly vRealize Log Insight. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...

Drupal Releases Security Advisory to Address Vulnerability in Drupal Core

Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2023-005lin...

Oracle Releases Security Updates

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for April 2023 to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages user...

CISA Releases Malware Analysis Report on ICONICSTEALER

CISA has released a new Malware Analysis Report MAR on an infostealer known as ICONICSTEALER. This trojan has been identified as a variant of malware used in the supply chain attack against 3CX’s Desktop App. CISA recommends users and administrators to review the following resources for more...

CISA to Continue and Enhance U.K.’s Logging Made Easy Tool

CISA has announced plans to continue and enhance the Logging Made Easy LME tool, a service originally developed and maintainedlink is external by the United Kingdom’s National Cyber Security Centre NCSC-UK. NCSC-UK stopped supporting the open-source log management solution for Windows-based devic...

CISA and Partners Release Cybersecurity Best Practices for Smart Cities

Today, CISA, NSA, FBI, NCSC-UKlink is external, ACSClink is external, CCCSlink is external and NCSC-NZlink is external released a joint guide: Cybersecurity Best Practices for Smart Cities. Smart cities may create safer, more efficient, resilient communities through technological innovation and...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on April 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

IRS Warns of New Tax Scams

The Internal Revenue Service IRS has issued a reminder urging taxpayers to be vigilant and wary of new of tax-related scams. These include phishing and other fraudulent behaviors. The IRS recommends strengthening passwords, remaining vigilant against phishing attempts, and forwarding suspicious...

CISA Releases Sixteen Industrial Control Systems Advisories

CISA released sixteen Industrial Control Systems ICS advisories on April 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSMA-23-103-01 B. Braun Battery Pack SP with Wi-Fi ICSA-23-103-01 Siemens Adaptec maxView...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 15.7...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Digital...

Fortinet Releases April 2023 Vulnerability Advisories

Fortinet has released its April 2023 Vulnerability Advisorieslink is external to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Fortinet April...

Mozilla Releases Security Advisories for Multiple Products

Mozilla has released security advisories for vulnerabilities affecting multiple Mozilla products. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...

Thorium Platform Public Availability

Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thoriumlink is external, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on July 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO Series ICSA-25-184-02 Hitachi Energy...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on June 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems ICSA-25-177-02 TrendMakers Sight Bulb...

Unsophisticated Cyber Actor(s) Targeting Operational Technology

CISA is increasingly aware of unsophisticated cyber actors targeting ICS/SCADA systems within U.S. critical Infrastructure sectors Oil and Natural Gas, specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presenc...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on March 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-084-01 ABB RMC-100 ICSA-25-084-02 Rockwell Automation Verve Asset Manager ICSA-25-084-0...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-070-01 Schneider Electric Uni-Telway Driver ICSA-25-070-02 Optigo Networks Visual BACnet...

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on February 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-051-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series ICSA-25-051-02 ABB FLXEON...

Apple Released Security Updates for Safari and macOS

Apple released security updates to address a vulnerability CVE-2024-1580 in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...

Juniper Releases Multiple Security Updates for Juno OS

Juniper has released updates to address multiple vulnerabilities in Juno OSlink is external. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper’s Support Portallink is external and apply the...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03...

2023 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesseslink is external. The CWE Top 25 is calculated by analyzing...