Cyber Security Advisories – MS-ISAC
- A Vulnerability in Oracle PeopleSoft PeopleTools Could Allow for Remote Code Execution (2026-06-11): A vulnerability has been discovered in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools that could allow an attacker with network access via HTTP to completely take over the software. PeopleSoft is an integrated enterprise resource planning (ERP) software suite widely used by large organizations for managing core business functions, including HR, payroll, finance, supply […]
- Critical Patches Issued for Microsoft Products, June 9, 2026 (2026-06-09): Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
- Multiple Vulnerabilities in Check Point Products Could Allow for Authentication Bypass (2026-06-09): Multiple vulnerabilities have been discovered in Check Point products, the most severe of which could allow for authentication bypass. Check Point VPN Remote Access provides remote and mobile employees with secure, encrypted connections to corporate networks. Check Point Mobile Access enables secure remote access to enterprise applications through client-based or clientless solutions. Check Point Spark Firewall is an […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2026-06-09): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- A Vulnerability in Cisco Products Could Allow for Server-Side Request Forgery (2026-06-05): A vulnerability has been discovered in Cisco products that could allow for Server-Side Request Forgery. Cisco Unified Communications Manager (Unified CM) / Cisco Unified Communications Manager Session Management Edition (Unified CM SME) is Cisco's central, software-based call control and session management platform for enterprise communication. Successful exploitation of this vulnerability could allow for Server-Side Request Forgery, […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (2026-05-20): Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow […]
- Multiple Vulnerabilities in NGINX Could Allow for Remote Code Execution (2026-05-18): Multiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may allow an unauthenticated threat actor to crash vulnerable NGINX worker processes by sending […]
- A Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code Execution (2026-05-15): A vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform developed by Microsoft that runs on Windows Server. Successful exploitation could allow for arbitrary JavaScript to be executed in the browser context. The malicious code would run with the […]
- Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution (2026-05-12): Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-Factor Authentication (MFA), and certificate management. FortiSandbox is an advanced threat detection solution from Fortinet that […]
- Critical Patches Issued for Microsoft Products, May 12, 2026 (2026-05-12): Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
Blog Feed – Center for Internet Security
- CIS Controls Community Volunteer Spotlight: Diego Bolatti (2026-06-12): Diego Bolatti advances CIS Controls adoption for SMEs through research, policy templates, and AI-driven cybersecurity tools.
- The Return of MCAP: Malware Analysis Built for SLTT Members (2026-06-11): Our Malicious Code Analysis Platform (MCAP) supports malware analysis specifically designed for SLTT teams. Read our blog post to learn more.
- Cybersecurity Hygiene Reinforced by the 2026 Verizon DBIR (2026-06-05): The 2026 Verizon DBIR highlights how CIS Controls and CIS Benchmarks strengthen cybersecurity hygiene and defend against today's top attacks.
- CIS Benchmarks May 2026 Update (2026-05-18): The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.
- Securing the Integration Protocol (2026-05-14): Secure the protocol layer of AI systems with the CIS MCP Companion Guide, covering authorization, tool access, and execution controls.
- 5 Steps to Help Secure Your City before a Large-Scale Event (2026-05-12): Have a large-scale event coming up? Here are five mitigation measures as part of a comprehensive approach to secure your city.
- Securing Agents and Autonomous Behavior (2026-05-12): Learn how the CIS AI Agent Companion Guide helps secure the agent layer of AI systems, governing autonomy, tool use, memory, and multi-agent behavior.
- Standing Strong Together: The Resilient Spirit of the SLTT Cybersecurity Community (2026-05-04): More than 5,000 in the U.S. SLTT cybersecurity community have affirmed their belief that collaboration in the MS-ISAC is essential. Read more.
- CIS Benchmarks April 2026 Update (2026-05-01): The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. Each Benchmark and
- Securing the AI Ecosystem Begins at the Model Layer (2026-04-30): Download our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.
All CISA Advisories
- CISA Adds One Known Exploited Vulnerability to Catalog (2026-06-12): CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) […] (CISA)
- CISA Adds One Known Exploited Vulnerability to Catalog (2026-06-11): CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates […] (CISA)
- Brickcom Cameras (2026-06-11): Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. The following versions of Brickcom Cameras are affected: Brickcom Cube 3.2.3.5.6, Brickcom Dome 3.2.3.5.6, Brickcom Bullet 3.2.3.5.6, Brickcom Box […] (CISA)
- Naxclow IoT Platform (2026-06-11): Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. The following versions of Naxclow IoT Platform are affected: Smart Doorbell X3 vers:all/*, X Smart Home vers:all/*, V720 vers:all/*, ix cam vers:all/* […] (CISA)
- Yarbo Android/iOS Mobile Application and Cloud Infrastructure (2026-06-11): Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to the robot fleet. The following versions of Yarbo Android/iOS Mobile Application and Cloud Infrastructure are affected: Yarbo Android/iOS mobile application, Cloud MQTT infrastructure vers:all/* […] (CISA)
- Schneider Electric Modicon Network Managed Switches (2026-06-09): Schneider Electric is aware of a RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product. The Modicon Network Managed Switch product provides connectivity for multiple Ethernet devices, network management, enhanced cyber security and more advanced switching features. Failure to apply the mitigation provided below may risk forgery attacks in the RADIUS protocol, […] (CISA)
- Schneider Electric EcoStruxure Panel Server (2026-06-09): Schneider Electric is aware of a vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high-performance, modular gateway with enhanced cybersecurity that provides easy and fast connections to multiple concurrent edge control or cloud applications. Failure to apply the remediations provided below may risk unauthorized authentication, which […] (CISA)
- Siemens KACO Blueplanet Inverters (2026-06-09): KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the device's serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends updating to the latest versions. KACO new energy GmbH is […] (CISA)
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (2026-06-09): CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability; CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability; CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability. These types of vulnerabilities […] (CISA)
- CISA Adds Two Known Exploited Vulnerabilities to Catalog (2026-06-08): CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability; CVE-2026-50751 Check Point Security Gateway Improper Authentication Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding […] (CISA)
ISACA SmartBrief on Cybersecurity
- Who Said It? "You have to have that fire in your belly." (2026-06-12): Lionel Messi or Albert Wolsky?
- ISACA 2026 Europe Conference Registration is Open (2026-06-12): Immerse yourself in premier IS/IT content, network with like-minded professionals, and hear from insightful thought leaders a […]
- Nov. 16-19, Las Vegas: ISACA Training Week (2026-06-12)
- CMMC as a business design decision: Measure what leadership cares about (2026-06-12): CMMC demands business decisions, not just compliance activity. […]
- University of Nottingham data breach hits 454K students (2026-06-12): The University of Nottingham in England has experienced a data breach affecting 454,600 students and alumni, with the ShinyHu […]
- CISOs urged to shift focus as frontier AI reshapes discovery (2026-06-12): The introduction of frontier AI models such as Claude Mythos and OpenAI's GPT-5.5 is transforming cybersecurity by accelerati […]
- Siemens patches for Desigo CC flagged as false positives (2026-06-12): Siemens has alerted customers that patch files for Desigo CC versions 7 through 9 have been incorrectly flagged as malware by […]
- OceanLotus targets Vietnam with SpectralViper backdoor (2026-06-12): OceanLotus has launched cyberattacks against domestic entities in Vietnam, using the SpectralViper backdoor to target a trans […]
- "Agentjacking" can exploit AI coding agents via Sentry (2026-06-12): Tenet Security has identified an attack method called "agentjacking," which exploits a vulnerability in the Sentry app to tri […]
- Agency mandates quick patching amid AI-driven threats (2026-06-12): The Cybersecurity and Infrastructure Security Agency has issued a directive requiring federal civilian agencies to patch soft […]