Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (2025-04-29): Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Mozilla Thunderbird ESR is a version […]
- A Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code Execution (2025-04-25): A vulnerability has been discovered in SAP NetWeaver Visual Composer, which could allow for remote code execution. SAP NetWeaver Visual Composer is SAP’s web-based software modelling tool. It enables business process specialists and developers to create business application components, without coding. Successful exploitation of this vulnerability could allow for remote code execution in the context […]
- A Vulnerability in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution (2025-04-23): A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. Successful exploitation of this vulnerability could allow for remote code execution.
- Oracle Quarterly Critical Patches Issued April 15, 2025 (2025-04-18): Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution (2025-04-18): Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution (2025-04-08): Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (2025-04-08): Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences. Adobe Experience Manager (AEM) Forms is a solution within the AEM platform that allows businesses to create, manage, and deploy […]
- A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution (2025-04-08): A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new […]
- Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Remote Code Execution (2025-04-08): Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges […]
- Critical Patches Issued for Microsoft Products, April 8, 2025 (2025-04-08): Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]
Blog Feed – Center for Internet Security
- Top 10 Malware Q1 2025 (2025-04-23): In Q1 2025, the Top 10 Malware observed via the MS-ISAC® changed slightly from the previous quarter. Read our blog post to learn more.
- Hacktivist Group DieNet Claims DDoS Attacks against U.S. CNI (2025-04-16): DieNet is a hacktivist group that's claimed DDoS attacks against U.S. critical infrastructure. Read on to learn its ideology and attack activity.
- CIS Benchmarks April 2025 Update (2025-04-08): Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for April 2025.
- FFIEC CAT Sunset: What You Need to Know (2025-04-07): How are you preparing for the sunset of the FFIEC CAT? Read on to learn how another framework can guide you through this change.
- DeepSeek: A New Player in the Global AI Race (2025-03-24): CIS analysts break down the rise of DeepSeek, a GenAI model that collects data and introduces security risks for users.
- Active Lumma Stealer Campaign Impacting U.S. SLTTs (2025-03-20): The CIS CTI team spotted a Lumma Stealer campaign where SLTT victims were redirected to malicious webpages delivering fake CAPTCHA verifications.
- CIS Benchmarks March 2025 Update (2025-03-10): Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for March 2025.
- CIS Benchmarks February 2025 Update (2025-02-05): Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for February 2025.
- Top 10 Malware Q4 2024 (2025-01-31): In Q4 2024, the Top 10 Malware observed by the MS-ISAC® changed slightly from the previous quarter. Here are the malware that topped our list.
- CIS Benchmarks January 2025 Update (2025-01-14): Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for January 2025.
All CISA Advisories
- CISA Releases Three Industrial Control Systems Advisories (2025-04-29): CISA released three Industrial Control Systems (ICS) advisories on April 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-119-01 Rockwell Automation ThinManager; ICSA-25-119-02 Delta Electronics ISPSoft; ICSA-25-105-05 Lantronix XPort (Update A). CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
- Delta Electronics ISPSoft (2025-04-29): 1. EXECUTIVE SUMMARY: CVSS v4 8.4; ATTENTION: Low attack complexity; Vendor: Delta Electronics; Equipment: ISPSoft; Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following versions of ISPSoft are affected: ISPSoft: Versions 3.19 […]
- Rockwell Automation ThinManager (2025-04-29): 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Rockwell Automation; Equipment: ThinManager; Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect Default Permissions. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and cause a denial-of-service condition. 3. TECHNICAL […]
- CISA Adds One Known Exploited Vulnerability to Catalog (2025-04-29): CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-31324 SAP NetWeaver Unrestricted File Upload Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (2025-04-28): CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability; CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability; CVE-2025-3928 Commvault Web Server Unspecified Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal […]
- ALBEDO Telecom Net.Time - PTP/NTP Clock (2025-04-24): 1. EXECUTIVE SUMMARY: CVSS v4 8.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: ALBEDO Telecom; Equipment: Net.Time - PTP/NTP clock; Vulnerability: Insufficient Session Expiration. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 3. TECHNICAL DETAILS 3.1 […]
- Vestel AC Charger (2025-04-24): 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Vestel; Equipment: AC Charger; Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker access to sensitive information, such as credentials which could subsequently enable them to cause […]
- Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool (2025-04-24): 1. EXECUTIVE SUMMARY: CVSS v4 9.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Johnson Controls Inc.; Equipment: iSTAR Configuration Utility (ICU); Vulnerability: Stack-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: Johnson Controls reports the following versions of […]
- Planet Technology Network Products (2025-04-24): 1. EXECUTIVE SUMMARY: CVSS v4 9.3; ATTENTION: Exploitable remotely/Low attack complexity; Vendor: Planet Technology; Equipment: Planet Technology Network Products; Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Use of Hard-coded Credentials, Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an […]
- CISA Releases Seven Industrial Control Systems Advisories (2025-04-24): CISA released seven Industrial Control Systems (ICS) advisories on April 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-114-01 Schneider Electric Modicon Controllers; ICSA-25-114-02 ALBEDO Telecom Net.Time - PTP/NTP Clock; ICSA-25-114-03 Vestel AC Charger; ICSA-25-114-04 Nice Linear eMerge E3; ICSA-25-114-05 Johnson Controls Software House iSTAR Configuration Utility […]
ISACA SmartBrief on Cybersecurity
- SK Telecom offers SIM replacement after USIM breach (2025-04-30): SK Telecom is offering SIM card replacements to 25 million customers after a malware attack compromised USIM data.
- Dream more, learn more, care more, and be more. (2025-04-30): Dolly Parton, singer-songwriter, actor, businessperson, philanthropist
- Automating cyberhygiene: Best practices and pitfalls (2025-04-30): Automation can improve cyberhygiene for organizations, but it must be applied judiciously.
- ROUTERS Act requires evaluation of security risks (2025-04-30): The House has passed the Removing Our Unsecure Technologies to Ensure Reliability and Security Act, which requires the Commer
- Study: As vehicles add tech, cybersecurity risks increase (2025-04-30): A paper by Gregorio Lopez, Roberto Gesteira-Miñarro and Rafael Palacios examines the cybersecurity risks and vulnerabilities
- Organizations can learn from the Iberian blackout (2025-04-30): The recent power outage in Spain, Portugal and France spotlights the vulnerability of modern power grids to both physical and
- Reports: Stolen credentials, exploits surpass phishing (2025-04-30): Cybercriminals are increasingly using stolen credentials and perimeter exploits as initial access methods, surpassing phishin




