Cyber Security News

CIS Security Advisories

CIS Security News

CISA News

ISACA SmartBrief

RSS Cyber Security Advisories – MS-ISAC
  • Multiple Vulnerabilities in Cisco Security Products Could Allow for Arbitrary Code Execution 2025-08-15
    Multiple vulnerabilities have been discovered in Cisco security products that could allow for arbitrary code execution.Cisco Secure Firewall Management Center (FMC) is a centralized management solution for Cisco Secure Firewall devices, enabling policy control, event monitoring, and threat analysis.Cisco Firepower 2100 Series is a family of threat-focused firewalls designed for high-performance security and visibility across […]
  • Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution 2025-08-14
    Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiSIEM is a Security Information and Event Management (SIEM) solution from Fortinet that provides real-time infrastructure and user awareness for accurate threat detection, analysis, and reporting.FortiManager is a network and security management tool that provides centralized management […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-08-13
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a comprehensive, enterprise-grade e-commerce platform, formerly known as Magento Commerce, that allows businesses to build, personalize, and manage online stores.Adobe Substance 3D Viewer is a tool that allows users to view, customize, and […]
  • Critical Patches Issued for Microsoft Products, August 12, 2025 2025-08-12
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]
  • A Vulnerability in SonicWall SonicOS management access and SSLVPN Could Allow for Unauthorized Access 2025-08-08
    A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access […]
  • Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution 2025-07-30
    Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]
  • A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution 2025-07-30
    A Vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of the the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-07-23
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.  Adobe After Effects – Used for creating motion graphics, visual effects, and compositing in film, television, and online content.Adobe Substance 3D Viewer – A 3D visualization and editing tool for opening, adjusting, and rendering 3D models.Adobe Audition – Professional […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2025-07-23
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; […]
  • Multiple Vulnerabilities in Microsoft SharePoint Server Could Allow for Remote Code Execution 2025-07-22
    Multiple Vulnerabilities have been discovered in Microsoft SharePoint Server, which could allow for remote code execution. Microsoft SharePoint Server is a web-based collaborative platform that integrates with Microsoft Office. Successful exploitation of these vulnerabilities allows for unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, […]
RSS Blog Feed – Center for Internet Security
RSS All CISA Advisories
  • CISA Releases Three Industrial Control Systems Advisories 2025-08-26
    CISA released three Industrial Control Systems (ICS) advisories on August 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-238-01 INVT VT-Designer and HMITool ICSA-25-238-03 Schneider Electric Modicon M340 Controller and Communication Modules ICSA-25-140-03 Danfoss AK-SM 8xxA Series (Update A) CISA encourages users and administrators to review newly […]
    CISA
  • INVT VT-Designer and HMITool 2025-08-26
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 3. TECHNICAL DETAILS 3.1 […]
    CISA
  • CISA Adds One Known Exploited Vulnerability to Catalog 2025-08-26
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]
    CISA
  • Schneider Electric Modicon M340 Controller and Communication Modules 2025-08-26
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following […]
    CISA
  • CISA Adds Three Known Exploited Vulnerabilities to Catalog 2025-08-25
    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068 Citrix Session Recording Improper Privilege Management Vulnerability CVE-2025-48384 Git Link Following Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant […]
    CISA
  • CISA Requests Public Comment for Updated Guidance on Software Bill of Materials 2025-08-22
    CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements to reflect advancements in tooling and implementation.   An SBOM serves as […]
    CISA
  • Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module 2025-08-21
    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function […]
    CISA
  • CISA Adds One Known Exploited Vulnerability to Catalog 2025-08-21
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the […]
    CISA
  • FUJIFILM Healthcare Americas Synapse Mobility 2025-08-21
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: FUJIFILM Healthcare Americas Corporation Equipment: Synapse Mobility Vulnerability: External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]
    CISA
  • CISA Releases Three Industrial Control Systems Advisories 2025-08-21
    CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems (Update A) ICSMA-25-233-01 FUJIFILM Healthcare Americas Synapse Mobility CISA encourages users and administrators to […]
    CISA
RSS ISACA SmartBrief on Cybersecurity
Ohio Department of Education & Workforce
MS-ISAC
CIS-Logo
Management Council Logo