CIS Security Advisories
CIS Security News
CISA News
ISACA SmartBrief
Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Cisco Security Products Could Allow for Arbitrary Code Execution 2025-08-15Multiple vulnerabilities have been discovered in Cisco security products that could allow for arbitrary code execution.Cisco Secure Firewall Management Center (FMC) is a centralized management solution for Cisco Secure Firewall devices, enabling policy control, event monitoring, and threat analysis.Cisco Firepower 2100 Series is a family of threat-focused firewalls designed for high-performance security and visibility across […]
- Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution 2025-08-14Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiSIEM is a Security Information and Event Management (SIEM) solution from Fortinet that provides real-time infrastructure and user awareness for accurate threat detection, analysis, and reporting.FortiManager is a network and security management tool that provides centralized management […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-08-13Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a comprehensive, enterprise-grade e-commerce platform, formerly known as Magento Commerce, that allows businesses to build, personalize, and manage online stores.Adobe Substance 3D Viewer is a tool that allows users to view, customize, and […]
- Critical Patches Issued for Microsoft Products, August 12, 2025 2025-08-12Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]
- A Vulnerability in SonicWall SonicOS management access and SSLVPN Could Allow for Unauthorized Access 2025-08-08A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access […]
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution 2025-07-30Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]
- A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution 2025-07-30A Vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of the the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-07-23Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects – Used for creating motion graphics, visual effects, and compositing in film, television, and online content.Adobe Substance 3D Viewer – A 3D visualization and editing tool for opening, adjusting, and rendering 3D models.Adobe Audition – Professional […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2025-07-23Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; […]
- Multiple Vulnerabilities in Microsoft SharePoint Server Could Allow for Remote Code Execution 2025-07-22Multiple Vulnerabilities have been discovered in Microsoft SharePoint Server, which could allow for remote code execution. Microsoft SharePoint Server is a web-based collaborative platform that integrates with Microsoft Office. Successful exploitation of these vulnerabilities allows for unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, […]
Blog Feed – Center for Internet Security
- CIS Controls Ambassador Spotlight: Eric Woodard 2025-08-21The CIS Controls Ambassador program is an initiative of the CIS that focuses on enhancing the adoption of key cybersecurity best practices.
- CIS Benchmarks August 2025 Update 2025-08-19Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for August 2025.
- Critical Infrastructure Caught in a Botnet 2025-08-14Cyber threat actors frequently use a botnet in their efforts to target U.S. critical infrastructure. Read on for how to defend your networks.
- 5 Cyber Questions Sheriffs & Police Chiefs Should Ask 2025-08-14Cyber threat actors continue to target law enforcement agencies. Here are five cyber questions LE executives can ask to evaluate their defenses.
- Applying CIS Benchmarks to Harden Windows 11 VDI Systems 2025-08-13Learn how the CIS IT team successfully implemented CIS Benchmarks in a Virtual Desktop Infrastructure (VDI) environment—specifically focusing on Windows 11.
- Automating the CIS Controls with OSCAL 2025-07-24Automation for Controls: Meet OSCAL, the Open Security Controls Assessment Language OSCAL, also known as the Open Security Controls Assessment.
- Top 10 Malware Q2 2025 2025-07-18Total malware notifications from MS-ISAC monitoring services decreased 18% from Q1 2025 to Q2 2025. Read our Top 10 Malware Q2 2025 for more.
- CIS Benchmarks July 2025 Update 2025-07-08Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for July 2025.
- What Makes CIS Hardened Images Secure Enough for the U.S. IC 2025-06-30How do U.S. IC organizations strengthen their cloud security in a way that meets their needs? See how the CIS Hardened Images® can help.
- Lay a Cybersecurity Foundation and Master CIS Controls IG1 2025-06-13Today’s digital threats don’t discriminate by size or sector. Building a solid cybersecurity foundation is no longer optional—it’s essential.
All CISA Advisories
- CISA Releases Three Industrial Control Systems Advisories 2025-08-26CISA released three Industrial Control Systems (ICS) advisories on August 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-238-01 INVT VT-Designer and HMITool ICSA-25-238-03 Schneider Electric Modicon M340 Controller and Communication Modules ICSA-25-140-03 Danfoss AK-SM 8xxA Series (Update A) CISA encourages users and administrators to review newly […]CISA
- INVT VT-Designer and HMITool 2025-08-26View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 3. TECHNICAL DETAILS 3.1 […]CISA
- CISA Adds One Known Exploited Vulnerability to Catalog 2025-08-26CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]CISA
- Schneider Electric Modicon M340 Controller and Communication Modules 2025-08-26View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following […]CISA
- CISA Adds Three Known Exploited Vulnerabilities to Catalog 2025-08-25CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068 Citrix Session Recording Improper Privilege Management Vulnerability CVE-2025-48384 Git Link Following Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant […]CISA
- CISA Requests Public Comment for Updated Guidance on Software Bill of Materials 2025-08-22CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements to reflect advancements in tooling and implementation. An SBOM serves as […]CISA
- Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module 2025-08-21View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function […]CISA
- CISA Adds One Known Exploited Vulnerability to Catalog 2025-08-21CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the […]CISA
- FUJIFILM Healthcare Americas Synapse Mobility 2025-08-21View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: FUJIFILM Healthcare Americas Corporation Equipment: Synapse Mobility Vulnerability: External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]CISA
- CISA Releases Three Industrial Control Systems Advisories 2025-08-21CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems (Update A) ICSMA-25-233-01 FUJIFILM Healthcare Americas Synapse Mobility CISA encourages users and administrators to […]CISA
ISACA SmartBrief on Cybersecurity
- Data breach at Farmers Insurance affects over 1M 2025-08-26Farmers Insurance has disclosed a data breach affecting more than 1 million individuals after learning from a third-party ven -More-
- I had a lot of horse and nobody could catch us. 2025-08-26Ron Turcotte, thoroughbred race horse jockey who rode Secretariat to the Triple Crown in 1973 1941-2025
- Report: Staff shortages hindering cybersecurity 2025-08-26A report by Accenture reveals that 83% of chief information security officers see a shortage of staff as a barrier to a stron -More-
- Innovation drives shorter IT solution lifespans 2025-08-26IT solutions are experiencing shorter lifespans as technology innovation accelerates, with some solutions now considered only -More-
- Tool sprawl can create inefficiencies and gaps in defenses 2025-08-26Unified exposure management is emerging as a solution to cybersecurity challenges posed by tool sprawl, where organizations d -More-
- Malvertising campaign targets macOS with AMOS variant 2025-08-26A malvertising campaign has targeted organizations worldwide with a variant of Atomic macOS Stealer, known as SHAMOS, accordi -More-
- LLM-based tool aids insider threat detection 2025-08-26Researchers have unveiled Chimera, a system that employs large language model agents to simulate normal and malicious employe -More-
