CIS Security Advisories
CIS Security News
CISA News
ISACA SmartBrief
Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-04-28Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client.Mozilla Thunderbird ESR is a version […]
- Oracle Quarterly Critical Patches Issued April 21, 2026 2026-04-28Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
- A Vulnerability in OpenSSH Could Allow for Authentication Bypass 2026-04-28A vulnerability has been discovered in OpenSSH which could allow for authentication bypass. OpenSSH (Open Secdure Shell) is an open-source suite of secure networking utilities based on the SSH protocol. It provides encrypted communication sessions over unsecured networks in a client-server architecture, primarily used for remote login and secure file transfers. Successful exploitation of the vulnerability could […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-04-21Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client.Mozilla Thunderbird ESR is a version […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2026-04-16Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; […]
- Critical Patches Issued for Microsoft Products, April 14, 2026 2026-04-14Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
- Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution 2026-04-14Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution.FortiAnalyzer is a unified security operations platform that consolidates telemetry across networks, endpoints, and cloud environments.FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running the FortiClient agent.FortiDDoS […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2026-04-14Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe Acrobat Reader is a free, widely used software application from Adobe that allows users to view, print, sign, share, and annotate PDF documents.Adobe InDesign is desktop publishing software used to create, pre-flight, and publish professional page […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2026-04-07Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client.Mozilla Thunderbird ESR is a version […]
- A Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Execution 2026-04-04A Vulnerability has been discovered in Fortinet FortiClientEMS that could allow for arbitrary code execution. FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running the FortiClient agent.Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the affected service account. Depending on […]
Blog Feed – Center for Internet Security
- Applying the CIS Controls to Real‑World AI Environments 2026-04-21Download our three Companion Guides to learn how to stay aligned to the CIS Controls in your real-world AI environments.
- Follow-on Impressions from RSAC 2026: Insights from Tony Sager 2026-04-16After RSAC 2026 Conference, Tony Sager shares his reflections on the patterns and questions that stayed with him after the rush faded.
- From Community to Cloud: How CIS Hardened Images Turn Best Practices into Secure Deployment 2026-04-14CIS Benchmarks and CIS Hardened Images enable secure cloud deployment, reduce misconfigurations, and enforce consistent security baselines.
- MacSync Stealer Campaign Impacting U.S. SLTT macOS Users 2026-04-13An ongoing MacSync Stealer campaign is targeting macOS users in U.S. SLTT government organizations. Learn more by reading CIS CTI's analysis.
- Vimeo-Themed Phishing Campaign Targeting Personal and Banking Data 2026-04-06CIS CTI has identified an ongoing Vimeo-themed phishing campaign impacting U.S. SLTTs. Read the team's analysis to learn how to stay safe.
- IRS-Themed Phishing Granting Threat Actors Remote Access 2026-03-24The CIS CTI team spotted an ongoing campaign targeting SLTT government entities with tax- and IRS-themed phishing lures. Take a closer look.
- ZPHP Campaign Delivering Remcos RAT Impacting SLTTs 2026-03-17CIS CTI identified an ongoing ZPHP campaign impacting U.S. SLTTs that delivers the Remcos RAT. Find out how to defend your organization.
- What’s on My Radar for RSAC 2026: Insights from Tony Sager 2026-03-17Ahead of RSAC 2026 Conference, Tony Sager shares his thoughts about upcoming sessions and how he navigates the conference.
- 2025 Year in Review: Sustaining Cybersecurity 2026-03-16CIS sustained vital protections despite funding cuts and rising multidimensional threats. Learn more by watching our 2025 Year in Review 2025 video.
- CIS Benchmarks March 2026 Update 2026-03-06Here is an overview of the CIS Benchmarks that the Center for Internet Security (CIS) updated or released for March 2026.
All CISA Advisories
- Adapting Zero Trust Principles to Operational Technology 2026-04-29Adapting Zero Trust Principles to Operational Technology CISA, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, released Adapting Zero Trust Principles to Operational Technology, joint guidance for organizations applying zero trust (ZT) principles to operational technology (OT). Zero trust is a modern, adaptive approach to […]CISA
- CISA Adds Two Known Exploited Vulnerabilities to Catalog 2026-04-28CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as […]CISA
- NSA GRASSMARLIN 2026-04-28View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information. The following versions of NSA GRASSMARLIN are affected: GRASSMARLIN vers:all/* CVSS Vendor Equipment Vulnerabilities v3 5.5 NSA NSA GRASSMARLIN Improper Restriction of XML External Entity Reference Background Critical Infrastructure Sectors: Information Technology Countries/Areas Deployed: Worldwide Company Headquarters Location: United […]CISA
- CISA Adds Four Known Exploited Vulnerabilities to Catalog 2026-04-24CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability CVE-2024-57728 SimpleHelp Path Traversal Vulnerability CVE-2025-29635 D-Link DIR-823X Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: […]CISA
- Carlson Software VASCO-B GNSS Receiver 2026-04-23View CSAF Summary Successful exploitation of this vulnerability could enable a remote attacker to alter critical system functions or disrupt device operation. The following versions of Carlson Software VASCO-B GNSS Receiver are affected: VASCO-B GNSS ReceiverCISA
- Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera 2026-04-23View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. The following versions of Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera are affected: IP Camera XM530V200_X6-WEQ_8M firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06 (CVE-2025-65856) CVSS Vendor Equipment Vulnerabilities v3 9.8 Hangzhou Xiongmai Technology Co., […]CISA
- CISA Adds One Known Exploited Vulnerability to Catalog 2026-04-23CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-39987 Marimo Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]CISA
- FIRESTARTER Backdoor 2026-04-23Malware Analysis Report at a Glance Malware Name FIRESTARTER Original Publication April 23, 2026 Executive Summary The Cybersecurity and Infrastructure Security Agency (CISA) analyzed a sample of FIRESTARTER malware obtained from a forensic investigation. CISA and the United Kingdom National Cyber Security Centre (NCSC) assess advanced persistent threat (APT) actors are using FIRESTARTER malware for […]CISA
- Yadea T5 Electric Bicycle 2026-04-23View CSAF Summary Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. The following versions of Yadea T5 Electric Bicycle are affected: T5 Electric Bicycle vers:all/* (CVE-2025-70994) CVSS Vendor Equipment Vulnerabilities v3 7.3 Yadea Yadea T5 Electric Bicycle Weak Authentication Background Critical […]CISA
- SpiceJet Online Booking System 2026-04-23View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. The following versions of SpiceJet Online Booking System are affected: Online Booking System vers:all/* (CVE-2026-6375, CVE-2026-6376) CVSS Vendor Equipment Vulnerabilities v3 7.5 SpiceJet SpiceJet Online Booking System Authorization Bypass Through User-Controlled Key, Missing Authentication for Critical Function Background Critical […]CISA
ISACA SmartBrief on Cybersecurity
- Honor people and grant them the respect they deserve simply because they are people. 2026-04-29Don Janssen, wildlife veterinarian
- Checkmarx data breached, leaked by Lapsus$ after attack 2026-04-29Checkmarx has confirmed that data stolen from its GitHub repository has been leaked by the Lapsus$ hacking group. -More-
- ISACA 2026 North American Conference Timer 2026-04-29
- CISOs must adapt identity strategies for agentic AI era 2026-04-29Chief information security officers are rethinking identity management as AI agents proliferate, creating challenges in attri -More-
- Ransomware groups clash in data leak battle 2026-04-29Ransomware groups 0APT and KryBit are rebuilding their infrastructure after leaking each other's operational data online, acc -More-
- Vect ransomware bug turns files larger than 128KB into wiper 2026-04-29Vect ransomware, which emerged in December 2025, contains a critical bug that turns files larger than 128KB into a wiper, mak -More-
- Pack2TheRoot vulnerability in PackageKit allows root access 2026-04-29A high-severity vulnerability in PackageKit, dubbed Pack2TheRoot, has been discovered by Deutsche Telekom's Red Team. -More-
- AI shifts cybersecurity focus from vulnerabilities to data 2026-04-29AI is transforming cybersecurity by rapidly identifying and fixing vulnerabilities, but this shift is exposing a new risk: da -More-
