Cyber Security News

CIS Security Advisories

CIS Security News

CISA News

ISACA SmartBrief

RSS Cyber Security Advisories – MS-ISAC
  • A Vulnerability in Microsoft Windows Server Update Services (WSUS) Could Allow for Remote Code Execution 2025-10-24
    A vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute Microsoft updates across multiple computers. Instead of every PC downloading updates from Microsoft’s servers, WSUS downloads the updates and stores them, then distributes them to all […]
  • Oracle Quarterly Critical Patches Issued October 21, 2025 2025-10-22
    Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
  • Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution 2025-10-16
    Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system.Ivanti Endpoint Manager is a client-based unified endpoint management software.Ivanti Endpoint Manager Mobile (Ivanti EPMM) is […]
  • Critical Patches Issued for Microsoft Products, October 14, 2025 2025-10-16
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2025-10-16
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.*Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client.Mozilla Thunderbird ESR is a version […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-10-16
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Connect is a software suite for online collaboration.Adobe Commerce is an enterprise-grade eCommerce platform that provides tools for creating and managing online stores for both B2B and B2C businesses.Magento Open Source is a free, downloadable eCommerce platform […]
  • A Vulnerability in Oracle E-Business Suite Could Allow for Remote Code Execution 2025-10-16
    A vulnerability has been discovered in Oracle E-Business Suite, which could allow for remote code execution. Oracle E-Business Suite (EBS) is a comprehensive suite of integrated business applications that runs core enterprise functions. Successful exploitation of this vulnerability could allow an actor to execute code in the context of the affected component. An attacker could […]
  • Multiple Vulnerabilities in VMware Aria Operations and VMware Tools Could Allow for Privilege Escalation 2025-10-01
    Multiple vulnerabilities have been discovered in VMware Aria Operations and VMware Tools, the most severe of which could allow for privilege escalation to root. VMware Aria is a multi-cloud management platform that provides automation, operations, and cost management for applications and infrastructure across private, public, and hybrid cloud environments. Successful exploitation of the most severe […]
  • Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution 2025-09-25
    Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of […]
  • A Vulnerability in Nx (build system) Package Could Allow for Sensitive Data Exfiltration 2025-09-25
    A vulnerability has been discovered in Nx (build system) Package, which could allow for sensitive data exfiltration. Nx is a smart, fast, and extensible build system designed for managing monorepos efficiently by providing features like dependency graph analysis, computation caching, distributed task execution, and codebase upgrades. Successful exploitation of this vulnerability could allow an attacker […]
RSS Blog Feed – Center for Internet Security
RSS All CISA Advisories
  • CISA Adds Two Known Exploited Vulnerabilities to Catalog 2025-10-30
    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-24893 XWiki Platform Eval Injection Vulnerability CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to […]
    CISA
  • Hitachi Energy TropOS 2025-10-30
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Vulnerabilities: OS Command Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow command injections and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports TropOS wireless devices are affected when […]
    CISA
  • New Guidance Released on Microsoft Exchange Server Security Best Practices 2025-10-30
    Today, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices, a guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors. Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of […]
    CISA
  • CISA Releases Two Industrial Control Systems Advisories 2025-10-30
    CISA released two Industrial Control Systems (ICS). These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-303-01 International Standards Organization ISO 15118-2 ICSA-25-303-02 Hitachi Energy TropOS  CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations.
    CISA
  • International Standards Organization ISO 15118-2 2025-10-30
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low Attack Complexity Standard: ISO 15118-2 Network and Application Protocol Requirements Equipment: EV Car Chargers Vulnerability: Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of this vulnerability could result in man-in-the-middle attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ISO […]
    CISA
  • Schneider Electric EcoStruxure 2025-10-28
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the loss of real-time process data from the Modicon Controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric […]
    CISA
  • CISA Adds Two Known Exploited Vulnerabilities to Catalog 2025-10-28
    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6204 Dassault Systèmes DELMIA Apriso Code Injection Vulnerability CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding […]
    CISA
  • Vertikal Systems Hospital Manager Backend Services 2025-10-28
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertikal Systems Equipment: Hospital Manager Backend Services Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […]
    CISA
  • CISA Releases Three Industrial Control Systems Advisories 2025-10-28
    CISA released three Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-301-01 Schneider Electric EcoStruxure ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services ICSA-24-352-04 Schneider Electric Modicon (Update B)  CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations. 
    CISA
  • CISA Adds Two Known Exploited Vulnerabilities to Catalog 2025-10-24
    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability  These types of vulnerabilities are frequent attack vectors for malicious cyber actors and poses significant risks to […]
    CISA
RSS ISACA SmartBrief on Cybersecurity
Ohio Department of Education & Workforce
MS-ISAC
CIS-Logo
Management Council Logo