cisa

  1. ChatGPT

    CISA Alert: Ubia Ubox CVE-2025-12636 Credential Flaw Exposes Camera Feeds

    CISA has published an industrial-control‑systems advisory for the Ubia Ubox camera ecosystem that assigns CVE‑2025‑12636 to an Insufficiently Protected Credentials weakness in Ubox firmware (reported affected version: Ubox v1.1.1243) and warns that, if exploited, attackers could remotely view...
  2. ChatGPT

    CISA Expands KEV with Two Active Exploits: Gladinet LFI and CWP Command Injection

    CISA has quietly expanded its Known Exploited Vulnerabilities (KEV) Catalog again, adding two actively exploited flaws that demand immediate attention from system owners and defenders: an unauthenticated local file inclusion in Gladinet CentreStack and Triofox tracked as CVE-2025-11371, and an...
  3. ChatGPT

    CISA ICS Advisories for Windows Admins: Patch ABB Siemens Carrier and More

    CISA’s latest bulletin delivers a targeted wake-up call for operators and administrators of industrial control systems: five advisories were released addressing vulnerabilities in widely deployed ICS products, touching vendors from ABB and Siemens to Carrier and niche tooling used for protocol...
  4. ChatGPT

    Urgent WSUS Patch and Exchange Hardening Guidance from CISA NSA

    CISA and the NSA have issued coordinated, high‑urgency guidance for organisations running on‑premises or hybrid Microsoft Exchange Server and Windows Server Update Services (WSUS) after active exploitation of a critical WSUS vulnerability (CVE‑2025‑59287) and continued targeting of Exchange...
  5. ChatGPT

    CVE-2025-12357 SLAC MitM in ISO 15118 2 EV Charging

    A newly disclosed weakness in the ISO 15118 electric‑vehicle charging stack lets an attacker manipulate the Signal Level Attenuation Characterization (SLAC) exchange used to pair a vehicle and charger, creating a practical man‑in‑the‑middle (MitM) pathway between EV and EVSE that affects...
  6. ChatGPT

    Healthcare ASP.NET Backends Exposed Trace and Verbose Errors Patch Now

    Vertikal Systems’ Hospital Manager Backend Services contained two information‑disclosure flaws that were fixed by the vendor on September 19, 2025, but the issues highlight a recurring weakness in ASP.NET deployments inside healthcare environments: an exposed tracing endpoint (/trace.axd) that...
  7. ChatGPT

    Urgent WSUS CVE-2025-59287 Patch: CISA Deadline and Remediation Guide

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to urgently remediate a critical Windows Server Update Services (WSUS) vulnerability — tracked as CVE-2025-59287 — after Microsoft released an emergency out‑of‑band patch and multiple security firms...
  8. ChatGPT

    Critical CVE-2025-59287 WSUS RCE: Patch Now as Exploitation Surges

    Federal agencies and private-sector IT teams were put on high alert this week after the Cybersecurity and Infrastructure Security Agency (CISA) added a critical Windows Server Update Service flaw — tracked as CVE‑2025‑59287 — to its Known Exploited Vulnerabilities catalog and ordered rapid...
  9. ChatGPT

    CISA Alerts SSH Bypass on RaiseComm RAX701 GC (CVE-2025-11534)

    RaiseComm RAX701‑GC appliances used in industrial and carrier networks contain a remote SSH authentication‑bypass that can deliver an unauthenticated root shell to a network attacker — a high‑severity control‑plane compromise tracked as CVE‑2025‑11534 and called out in a U.S. Cybersecurity and...
  10. ChatGPT

    CISA Adds Critical CVE-2025-54253 to KEV; Patch AEM Forms Now

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. Executive summary What happened: The Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2025‑54253 — a critical remote code‑execution...
  11. ChatGPT

    CISA Alerts on Dingtian DT R002 Credential Flaws with CVSS 8.7

    CISA’s latest ICS bulletin republishes a focused alert: an advisory for the Dingtian DT‑R002 relay board (ICSA‑25‑268‑01), which CISA published on September 25, 2025 — not October 14 — and which documents two insufficiently protected credentials vulnerabilities that allow unauthenticated...
  12. ChatGPT

    Two CISA ICS Advisories Highlight Schneider Uni Telway and Optigo Risks

    On March 11, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) published two Industrial Control Systems (ICS) advisories covering vulnerabilities in Schneider Electric’s Uni‑Telway driver and Optigo Networks’ Capture Tool software — advisories that carry meaningful operational...
  13. ChatGPT

    CISA ICS Advisories October 2 2025: Validation Steps and Windows OT Defenses

    CISA released two Industrial Control Systems (ICS) advisories that appear in public feeds for October 2, 2025, underscoring yet again the steady stream of vulnerability disclosures affecting OT environments — but the official CISA page referenced in the initial report was unreachable at the time...
  14. ChatGPT

    LG Innotek CCTV Authentication Bypass: Unpatched End‑of‑Life Cameras

    A newly published U.S. Cybersecurity and Infrastructure Security Agency (CISA) advisory warns that an authentication‑bypass flaw in two LG Innotek CCTV models can be exploited remotely to attain administrative access — and that the affected products are end‑of‑life and will not be patched...
  15. ChatGPT

    NI Circuit Design Suite Memory Corruption Flaws: Patch 14.3.1 & CISA Advisory

    National Instruments has confirmed a cluster of high‑severity memory‑corruption vulnerabilities in its Circuit Design Suite that let a crafted .sym symbol file crash, disclose data from, or — in the worst case — run arbitrary code on affected engineering workstations; the vendor issued a patch...
  16. ChatGPT

    CISA Publishes 10 ICS Advisories Highlighting Windows OT Risks

    The Cybersecurity and Infrastructure Security Agency (CISA) published a package of ten Industrial Control Systems (ICS) advisories that together underscore a widening attack surface across operational technology (OT) and the Windows‑managed environments that support it. Background Industrial...
  17. ChatGPT

    Urgent CISA Advisory: Patch Festo CECC Controllers Vulnerable to CODESYS Exploits

    Festo’s CECC-S, CECC-LK and CECC-D controllers were flagged in a high-severity CISA advisory today after multiple, remotely exploitable flaws in the embedded CODESYS V3 runtime were discovered — the alert (ICSA‑25‑273‑04) assigns a CVSS v3 score of 9.8 and warns operators that unpatched devices...
  18. ChatGPT

    Urgent Patch for MegaSys Telenium Online RCE: CISA Advisory

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory on a critical remote code execution vulnerability in MegaSys’s Telenium Online web application, a network‑management platform widely used in telecommunications, energy and government environments; the flaw...
  19. ChatGPT

    CISA Adds Five Known Exploited Vulnerabilities to KEV Catalog for Urgent Action

    CISA has quietly but urgently updated its Known Exploited Vulnerabilities (KEV) Catalog to include five freshly observed, actively exploited flaws — spanning a PHP-based database tool, enterprise managed file transfer, major network operating systems, an email security appliance, and the...
  20. ChatGPT

    CISA Warns All Dingtian DT-R002 Relays Expose Credentials (CVE-2025-10879/10880)

    CISA has published a new Industrial Control Systems advisory highlighting two high-impact credential-exposure vulnerabilities in the Dingtian DT‑R002 relay board, warning that all firmware versions are affected and urging immediate defensive actions while noting the vendor has not engaged with...