Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (2026-07-01): Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Campaign Classic is an enterprise-grade marketing automation platform that helps organizations design, automate, and track complex, personalized cross-channel marketing campaigns. Adobe ColdFusion is a commercial rapid web application development platform used to build and deploy dynamic web […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (2026-07-01): Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Thunderbird is a free, open-source email, calendar, and chat application. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2026-07-01): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2026-06-26): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- A Vulnerability in PAN-OS Could Allow for Authentication Bypass (2026-06-22): A vulnerability has been discovered in the GlobalProtect portal and gateway of PAN-OS which could allow for authentication bypass. The PAN-OS GlobalProtect Portal acts as the central control plane for Palo Alto Networks VPN infrastructure. Successful exploitation of the vulnerability allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (2026-06-16): Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Thunderbird is a free, open-source email, calendar, and chat application. Successful exploitation […]
- A Vulnerability in SimpleHelp Could Allow for Authentication Bypass (2026-06-16): A vulnerability has been discovered in SimpleHelp which could allow for authentication bypass. SimpleHelp is self-hosted remote support, access, and monitoring software used by IT teams, managed service providers (MSPs), and helpdesks. It enables technicians to securely connect to, troubleshoot, and manage client computers and servers. Successful exploitation of the vulnerability could allow unauthenticated […]
- A Vulnerability in Oracle PeopleSoft PeopleTools Could Allow for Remote Code Execution (2026-06-11): A vulnerability has been discovered in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools that could allow an attacker with network access via HTTP to completely take over the software. PeopleSoft is an integrated enterprise resource planning (ERP) software suite widely used by large organizations for managing core business functions, including HR, payroll, finance, supply […]
- Critical Patches Issued for Microsoft Products, June 9, 2026 (2026-06-09): Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; […]
- Multiple Vulnerabilities in Check Point Products Could Allow for Authentication Bypass (2026-06-09): Multiple vulnerabilities have been discovered in Check Point products, the most severe of which could allow for authentication bypass. Check Point VPN Remote Access provides remote and mobile employees with secure, encrypted connections to corporate networks. Check Point Mobile Access enables secure remote access to enterprise applications through client-based or clientless solutions. Check Point Spark Firewall is an […]
Blog Feed – Center for Internet Security
- 6 Key Takeaways: Strengthening Public Safety Through Collective Defense (2026-06-30): Here are six key takeaways from a CIS webinar on how U.S. SLTT agencies can strengthen public safety through collective defense.
- CIS Controls Accreditation Drives Global Cybersecurity Standards (2026-06-25): CIS Controls Accreditation is raising global cybersecurity standards, setting a trusted benchmark for excellence, resilience, and best practices.
- CIS Benchmarks June 2026 Update (2026-06-18): The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.
- Keep up with HIPAA Expectations amid Growing Cyber Threats (2026-06-16): Healthcare organizations can satisfy cybersecurity and HIPAA compliance obligations while upholding patient safety. Read on to learn how.
- CIS Controls Community Volunteer Spotlight: Diego Bolatti (2026-06-12): Diego Bolatti advances CIS Controls adoption for SMEs through research, policy templates, and AI-driven cybersecurity tools.
- The Return of MCAP: Malware Analysis Built for SLTT Members (2026-06-11): Our Malicious Code Analysis Platform (MCAP) supports malware analysis specifically designed for SLTT teams. Read our blog post to learn more.
- Cybersecurity Hygiene Reinforced by the 2026 Verizon DBIR (2026-06-05): The 2026 Verizon DBIR highlights how CIS Controls and CIS Benchmarks strengthen cybersecurity hygiene and defend against today's top attacks.
- CIS Benchmarks May 2026 Update (2026-05-18): The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below.
- Securing the Integration Protocol (2026-05-14): Secure the protocol layer of AI systems with the CIS MCP Companion Guide, covering authorization, tool access, and execution controls.
- 5 Steps to Help Secure Your City before a Large-Scale Event (2026-05-12): Have a large-scale event coming up? Here are five mitigation measures as part of a comprehensive approach to secure your city.
All CISA Advisories
- ST Engineering iDirect iQ-Series Terminals (2026-07-02): Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. The following versions of ST Engineering iDirect iQ-Series Terminals are affected: Evolution iQ-Series terminals.
- Gardyn IoT Hub (2026-07-02): Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. The following versions of Gardyn IoT Hub are affected: Home Firmware, Studio Firmware, Cloud API.
- CubeSpace CW0057 Reaction Wheel (2026-07-02): Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. The following versions of CubeSpace CW0057 Reaction Wheel are affected: CW0057 Reaction Wheel. CVSS v3: 6.1; Vendor: CubeSpace; Equipment: CubeSpace CW0057 Reaction Wheel; Vulnerability: Improper Verification of Cryptographic Signature. Background: Critical Infrastructure Sectors: Communications; Countries/Areas […]
- CISA Adds One Known Exploited Vulnerability to Catalog (2026-07-01): CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-45659, Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing […]
- Frangoteam FUXA SCADA/HMI (2026-06-30): Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. The following versions of Frangoteam FUXA SCADA/HMI are affected: FUXA SCADA/HMI.
- StoneFly Storage Concentrator (2026-06-30): Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. The following versions of StoneFly Storage Concentrator are affected: Storage Concentrator.
- Schneider Electric EcoStruxure IT Data Center Expert (2026-06-30): Schneider Electric is aware of a vulnerability in its EcoStruxure™ IT Data Center Expert. The EcoStruxure™ IT Data Center Expert product is scalable monitoring software that collects, organizes, and distributes critical device information, providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure. The […]
- XZ Utils vulnerability impacting B&R Products (2026-06-30): An update is available that resolves a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impacting B&R Products are affected: PPC3100.
- OFFIS DCMTK Toolkit (2026-06-30): Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. The following versions of OFFIS DCMTK Toolkit are affected: DCMTK.
- Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M (2026-06-30): Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions […]