ohio_k12_help_logo-xparent1-300x85
Login
ohio_k12_help_logo-xparent1-300x85
Login
Login

Cyber Security News

CIS Security Advisories

CIS Security News

CISA News

ISACA SmartBrief

RSS Cyber Security Advisories – MS-ISAC
  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-05-20
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Successful exploitation of the most severe of these vulnerabilities could allow […]
  • Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution 2026-05-18
    Multiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker processes by sending […]
  • A Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code Execution 2026-05-15
    A vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform developed by Microsoft that runs on Windows Server. Successful exploitation could allow for arbitrary JavaScript to be executed in the browser context. The malicious code would run with the […]
  • Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution 2026-05-12
    Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution.  * FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-Factor Authentication (MFA), and certificate management. * FortiSandbox is an advanced threat detection solution from Fortinet that […]
  • Critical Patches Issued for Microsoft Products, May 12, 2026 2026-05-12
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
  • Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution 2026-05-12
    Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2026-05-12
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe After Effects is a digital effects, motion graphics, and compositing application.Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences all from one cloud-native platform.Adobe Connect is a […]
  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-05-07
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Successful exploitation of the most severe of these vulnerabilities could allow […]
  • A Vulnerability in PAN-OS Could Allow for Remote Code Execution 2026-05-06
    A vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by […]
  • A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution 2026-05-06
    A vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web server software that enables the delivery of web content over the internet. Successful exploitation could result in denial of service, crashing worker processes with minimal effort. In certain setups, especially […]
RSS Blog Feed – Center for Internet Security
RSS All CISA Advisories
  • CISA Adds Seven Known Exploited Vulnerabilities to Catalog 2026-05-20
    CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability CVE-2009-3459 Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability CVE-2010-0249 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2010-0806 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2026-41091 Microsoft […]
    CISA
  • Kieback & Peter DDC Building Controllers 2026-05-19
    View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC Building Controllers are affected: DDC4002
    CISA
  • ScadaBR 2026-05-19
    View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. The following versions of ScadaBR are affected: ScadaBR 1.2.0 (CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, CVE-2026-8605) CVSS Vendor Equipment Vulnerabilities v3 9.1 ScadaBR ScadaBR Missing Authentication for Critical Function, Improper Neutralization of Special Elements used in an OS Command ('OS […]
    CISA
  • ABB CoreSense HM and CoreSense M10 2026-05-19
    View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information. The following versions of […]
    CISA
  • Siemens RUGGEDCOM APE1808 Devices 2026-05-19
    View CSAF Summary A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. Siemens is preparing fix versions and recommends countermeasures for products where […]
    CISA
  • ZKTeco CCTV Cameras 2026-05-19
    View CSAF Summary Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. The following versions of ZKTeco CCTV Cameras are affected: SSC335-GC2063-Face-0b77 Solution CVSS Vendor Equipment Vulnerabilities v3 9.1 ZKTeco ZKTeco CCTV Cameras Authentication Bypass Using an Alternate Path or Channel Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas […]
    CISA
  • CISA Adds One Known Exploited Vulnerability to Catalog 2026-05-15
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant […]
    CISA
  • Siemens Ruggedcom Rox 2026-05-14
    View CSAF Summary Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens […]
    CISA
  • Siemens Ruggedcom Rox 2026-05-14
    View CSAF Summary Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/
    CISA
  • Siemens Siemens ROS# 2026-05-14
    View CSAF Summary ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts service. Siemens has released a […]
    CISA
RSS ISACA SmartBrief on Cybersecurity
Ohio Department of Education & Workforce
MS-ISAC
CIS-Logo
Management Council Logo