Cyber Security News

RSS Cyber Security Advisories – MS-ISAC
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2026-07-01
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Campaign Classic is an enterprise-grade marketing automation platform that helps organizations design, automate, and track complex, personalized cross-channel marketing campaigns. Adobe ColdFusion is a commercial rapid web application development platform used to build and deploy dynamic web […]
  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-07-01
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Thunderbird is a free, open-source email, calendar, and chat application. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2026-07-01
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2026-06-26
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
  • A Vulnerability in PAN-OS Could Allow for Authentication Bypass 2026-06-22
    A vulnerability has been discovered in the GlobalProtect portal and gateway of PAN-OS which could allow for authentication bypass. The PAN-OS GlobalProtect Portal acts as the central control plane for Palo Alto Networks VPN infrastructure. Successful exploitation of the vulnerability allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.
  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-06-16
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Thunderbird is a free, open-source email, calendar, and chat application. Successful exploitation […]
  • A Vulnerability in SimpleHelp Could Allow for Authentication Bypass 2026-06-16
    A vulnerability has been discovered in SimpleHelp, which could allow for authentication bypass. SimpleHelp is a self-hosted remote support, access, and monitoring software used by IT teams, managed service providers (MSPs), and helpdesks. It enables technicians to securely connect to, troubleshoot, and manage client computers and servers. Successful exploitation of the vulnerability could allow unauthenticated […]
  • A Vulnerability in Oracle PeopleSoft PeopleTools Could Allow for Remote Code Execution 2026-06-11
    A vulnerability has been discovered in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools that could allow an attacker with network access via HTTP to completely take over the software. PeopleSoft is an integrated enterprise resource planning (ERP) software suite widely used by large organizations for managing core business functions, including HR, payroll, finance, supply […]
  • Critical Patches Issued for Microsoft Products, June 9, 2026 2026-06-09
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
  • Multiple Vulnerabilities in Check Point Products Could Allow for Authentication Bypass 2026-06-09
    Multiple vulnerabilities have been discovered in Check Point products, the most severe of which could allow for authentication bypass. Check Point VPN Remote Access provides remote and mobile employees with secure, encrypted connections to corporate networks. Check Point Mobile Access enables secure remote access to enterprise applications through client-based or clientless solutions. Check Point Spark Firewall is an […]
RSS All CISA Advisories
  • ST Engineering iDirect iQ-Series Terminals 2026-07-02
    Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ‑Series terminals
    CISA
  • Gardyn IoT Hub 2026-07-02
    Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware, Studio Firmware, Cloud API
  • CubeSpace CW0057 Reaction Wheel 2026-07-02
    Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel. CVSS: v3 6.1; Vendor: CubeSpace; Equipment: CubeSpace CW0057 Reaction Wheel; Vulnerabilities: Improper Verification of Cryptographic Signature. Background: Critical Infrastructure Sectors: Communications; Countries/Areas […]
  • CISA Adds One Known Exploited Vulnerability to Catalog 2026-07-01
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-45659, Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing […]
  • Frangoteam FUXA SCADA/HMI 2026-06-30
    Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI
  • StoneFly Storage Concentrator 2026-06-30
    Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions of StoneFly Storage Concentrator are affected: Storage Concentrator
  • Schneider Electric EcoStruxure IT Data Center Expert 2026-06-30
    Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The […]
  • XZ Utils vulnerability impacting B&R Products 2026-06-30
    An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impacting B&R Products are affected: PPC3100
  • OFFIS DCMTK Toolkit 2026-06-30
    Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of OFFIS DCMTK Toolkit are affected: DCMTK
  • Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M 2026-06-30
    Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions […]