CIS Security Advisories
CIS Security News
CISA News
ISACA SmartBrief
Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Remote Code Execution 2025-08-27Multiple Vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and ensures the reliable availability of applications for businesses.NetScaler Gateway is a secure remote access solution that provides users […]
- A Vulnerability in Git Could Allow for Remote Code Execution 2025-08-27A vulnerability has been discovered in Git, which could allow for remote code execution. Git is a free and open-source distributed version control system (VCS). It is designed to track changes in source code during software development and is widely used for coordinating work among multiple developers on the same project. Successful exploitation of this […]
- Multiple Vulnerabilities in Microsoft Products Could Allow for Remote Code Execution 2025-08-26Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user or exploited process. Depending on the privileges associated with the user or process, an […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2025-08-26Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Focus for iOS is a private mobile browser that automatically blocks […]
- A Vulnerability in Apple Products Could Allow for Arbitrary Code Execution 2025-08-26A vulnerability has been discovered in Apple products which could allow for arbitrary code execution. Successful exploitation could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with […]
- Multiple Vulnerabilities in Commvault Backup & Recovery Could Allow for Remote Code Execution 2025-08-26Multiple vulnerabilities have been discovered in Commvault Backup & Recovery, which when chained together, could allow for remote code execution. Commvault Backup & Recovery is a comprehensive data protection solution that offers a range of services for safeguarding data across various environments, including on-premises, cloud, and hybrid setups. Successful exploitation of these vulnerabilities could allow […]
- Multiple Vulnerabilities in Cisco Security Products Could Allow for Arbitrary Code Execution 2025-08-15Multiple vulnerabilities have been discovered in Cisco security products that could allow for arbitrary code execution.Cisco Secure Firewall Management Center (FMC) is a centralized management solution for Cisco Secure Firewall devices, enabling policy control, event monitoring, and threat analysis.Cisco Firepower 2100 Series is a family of threat-focused firewalls designed for high-performance security and visibility across […]
- Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution 2025-08-14Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiSIEM is a Security Information and Event Management (SIEM) solution from Fortinet that provides real-time infrastructure and user awareness for accurate threat detection, analysis, and reporting.FortiManager is a network and security management tool that provides centralized management […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-08-13Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a comprehensive, enterprise-grade e-commerce platform, formerly known as Magento Commerce, that allows businesses to build, personalize, and manage online stores.Adobe Substance 3D Viewer is a tool that allows users to view, customize, and […]
- Critical Patches Issued for Microsoft Products, August 12, 2025 2025-08-12Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]
Blog Feed – Center for Internet Security
- CIS Controls Ambassador Spotlight: Eric Woodard 2025-08-21The CIS Controls Ambassador program is an initiative of the CIS that focuses on enhancing the adoption of key cybersecurity best practices.
- CIS Benchmarks August 2025 Update 2025-08-19Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for August 2025.
- Critical Infrastructure Caught in a Botnet 2025-08-14Cyber threat actors frequently use a botnet in their efforts to target U.S. critical infrastructure. Read on for how to defend your networks.
- 5 Cyber Questions Sheriffs & Police Chiefs Should Ask 2025-08-14Cyber threat actors continue to target law enforcement agencies. Here are five cyber questions LE executives can ask to evaluate their defenses.
- Applying CIS Benchmarks to Harden Windows 11 VDI Systems 2025-08-13Learn how the CIS IT team successfully implemented CIS Benchmarks in a Virtual Desktop Infrastructure (VDI) environment—specifically focusing on Windows 11.
- Automating the CIS Controls with OSCAL 2025-07-24Automation for Controls: Meet OSCAL, the Open Security Controls Assessment Language OSCAL, also known as the Open Security Controls Assessment.
- Top 10 Malware Q2 2025 2025-07-18Total malware notifications from MS-ISAC monitoring services decreased 18% from Q1 2025 to Q2 2025. Read our Top 10 Malware Q2 2025 for more.
- CIS Benchmarks July 2025 Update 2025-07-08Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for July 2025.
- What Makes CIS Hardened Images Secure Enough for the U.S. IC 2025-06-30How do U.S. IC organizations strengthen their cloud security in a way that meets their needs? See how the CIS Hardened Images® can help.
- Lay a Cybersecurity Foundation and Master CIS Controls IG1 2025-06-13Today’s digital threats don’t discriminate by size or sector. Building a solid cybersecurity foundation is no longer optional—it’s essential.
All CISA Advisories
- CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems 2025-08-27CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors targeting critical infrastructure across sectors and continents to maintain persistent, long-term access to networks. This advisory builds on previous reporting and is based on real-world investigations conducted across […]CISA
- Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 2025-08-27Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised […]CISA
- INVT VT-Designer and HMITool 2025-08-26View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 3. TECHNICAL DETAILS 3.1 […]CISA
- CISA Adds One Known Exploited Vulnerability to Catalog 2025-08-26CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]CISA
- Schneider Electric Modicon M340 Controller and Communication Modules 2025-08-26View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following […]CISA
- CISA Releases Three Industrial Control Systems Advisories 2025-08-26CISA released three Industrial Control Systems (ICS) advisories on August 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-238-01 INVT VT-Designer and HMITool ICSA-25-238-03 Schneider Electric Modicon M340 Controller and Communication Modules ICSA-25-140-03 Danfoss AK-SM 8xxA Series (Update A) CISA encourages users and administrators to review newly […]CISA
- CISA Adds Three Known Exploited Vulnerabilities to Catalog 2025-08-25CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068 Citrix Session Recording Improper Privilege Management Vulnerability CVE-2025-48384 Git Link Following Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant […]CISA
- CISA Requests Public Comment for Updated Guidance on Software Bill of Materials 2025-08-22CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements to reflect advancements in tooling and implementation. An SBOM serves as […]CISA
- CISA Releases Three Industrial Control Systems Advisories 2025-08-21CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems (Update A) ICSMA-25-233-01 FUJIFILM Healthcare Americas Synapse Mobility CISA encourages users and administrators to […]CISA
- CISA Adds One Known Exploited Vulnerability to Catalog 2025-08-21CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the […]CISA
ISACA SmartBrief on Cybersecurity
- Unstructured data management can be a strategic enabler 2025-08-27Unstructured data management has become a strategic enabler across industries, not just a cost-saving measure. -More-
- Questions can't change the truth. But they give it motion. 2025-08-27Giannina Braschi, writer, poet
- Nissan confirms data breach by Qilin ransomware 2025-08-27Nissan has confirmed a data breach at its subsidiary Creative Box, after the Qilin ransomware group claimed to have stolen 4 -More-
- Senator urges court system cybersecurity review after hack 2025-08-27Sen. -More-
- MixShell malware spreads via contact forms 2025-08-27A social engineering campaign dubbed ZipLine is targeting US supply chain manufacturers with MixShell, an in-memory malware. -More-
- Cyberincident disrupts Maryland Transit Administration 2025-08-27The Maryland Transit Administration is contending with a cyberincident that has disrupted some services, including Mobility P -More-
- Git flaw is being exploited in the wild, agency says 2025-08-27The Cybersecurity and Infrastructure Security Agency has warned about an exploited vulnerability in Git that allows arbitrary -More-
