Cybersecurity News from Across the Internet
National Threat Level: Blue (Guarded) This threat level is based on analysis by the Center for Internet Security® (CIS®) Operations, Intelligence, and Services (OIS) department covering the cyber threat landscape for Quarter 4 (Q4) of 2025. In calendar year 2025Q4, OIS published 26 Cybersecurity Advisories for critical severity high risk vulnerabilities in popular software applications … Read More “Threat Level – GUARDED – Cyber Threat Alert” »
CSPM tools are big business. Could they be the answer to your cloud configuration problems? – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager Mobile which could allow for remote code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the … Read More “Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products. – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in SolarWinds Web Help Desk, the most severe of which could allow for arbitrary code execution. SolarWinds Web Help Desk (WHD) is a web-based software that provides IT help desk and asset management functionality, allowing IT teams to manage service requests, track IT assets, and offer self-service options to end-users. … Read More “Multiple Vulnerabilities in SolarWinds Web Help Desk Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered in Microsoft Office which could allow for a security feature bypass. Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer. You can create and edit documents containing text and images, work with data in spreadsheets and databases, and create presentations … Read More “A Vulnerability in Microsoft Office Could Allow for Security Feature Bypass – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered in Cisco Unified Communications Products which could allow for remote code execution. Cisco Unified Communications (UC) Products are an integrated suite of IP-based hardware and software that combine voice, video, messaging, and data into a single platform. Successful exploitation of this vulnerability could allow for remote code execution as root, … Read More “A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Bridge is a creative asset manager that lets you preview, organize, edit, and publish multiple creative assets quickly and easily. Adobe Dreamweaver is a web design integrated development environment (IDE) that is used to develop … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
New principles help organisations to design, review, and secure connectivity to (and within) OT systems. – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, January 13, 2026 – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. FortiSandbox is an advanced threat detection solution from Fortinet that uses sandboxing to analyze suspicious files and network traffic for advanced threats like zero-day malware and ransomware. FortiWeb is a web application firewall (WAF) that protects web … Read More “Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; … Read More “Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Mozilla Thunderbird … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future. – Read More – NCSC Feed
A vulnerability has been discovered in WatchGuard Fireware OS, which could allow for unauthenticated arbitrary code execution. WatchGuard Fireware is the proprietary operating system that powers WatchGuard’s Firebox appliances. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on the system. – Read More – Cyber Security Advisories – … Read More “A Vulnerability in WatchGuard Fireware OS Could Allow for Arbitrary Code Execution. – Cyber Security Advisories – MS-ISAC” »
Post Content – Read More – IC3.gov News
A vulnerability has been discovered in Cisco AsyncOS, which could allow for remote code execution. AsyncOS is the operating system used by Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with root-level privileges on the underlying operating system. – Read … Read More “A Vulnerability in Cisco AsyncOS Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Post Content – Read More – IC3.gov News
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install … Read More “Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; … Read More “Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
An update on the NCSC’s trials to test the real-world efficacy of cyber deception solutions. – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, December 9, 2025 – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe ColdFusion is a rapid web application development platform that uses the ColdFusion Markup Language (CFML). Adobe Experience Manager (AEM) is a content management and experience management system that helps businesses build and manage their digital … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Advice in response to the increase in sextortion scams – Read More – NCSC Feed
Advice for those concerned a device has been infected. – Read More – NCSC Feed
There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations. – Read More – NCSC Feed
A vulnerability in the React Server Components (RSC) implementation has been discovered that could allow for remote code execution. Specifically, it could allow for unauthenticated remote code execution on affected servers. The issue stems from unsafe deserialization of RSC “Flight” protocol payloads, enabling an attacker to send a crafted request that triggers execution of code … Read More “A Vulnerability in React Server Component (RSC) Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Post Content – Read More – IC3.gov News
Joint NCSC and Canadian Centre for Cyber Security primer helps organisations understand emerging technologies that can help maintain trust in their public-facing information. – Read More – NCSC Feed
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views. – Read More – NCSC Feed
The NCSC’s Cyber Action Toolkit helps you to protect your business from online attacks. – Read More – NCSC Feed
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone. – Read More – NCSC Feed
Post Content – Read More – IC3.gov News
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; … Read More “Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered SonicOS, which could allow for Denial of Service (DoS). SonicOS is the operating system that runs on SonicWall’s network security appliances, such as firewalls. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. This vulnerability … Read More “A Vulnerability in SonicOS Could Allow for Denial of Service (DoS) – Cyber Security Advisories – MS-ISAC” »
An SME’s guide to selecting and working with managed service providers. – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. FortiClient for Windows is a unified endpoint security solution that provides a range of security features, including a VPN client for secure remote access to corporate networks, antivirus protection, web filtering, and vulnerability assessment. FortiExtender is a device … Read More “Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered FortiWeb, which could allow for remote code execution. FortiWeb is a web application firewall (WAF) developed by Fortinet. It’s designed to protect web applications and APIs from a wide range of attacks, including those targeting known vulnerabilities and zero-day exploits. Successful exploitation of this vulnerability could allow an attacker to execute … Read More “A Vulnerability in FortiWeb Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. … Read More “Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe InDesign is a professional page layout and desktop publishing software used for designing and publishing content for both print and digital media. Adobe InCopy is a professional word processor designed for writers and editors to … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, November 11, 2025 – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Post Content – Read More – IC3.gov News
How the NCSC’s ‘Cyber Action Toolkit’ is helping small businesses to improve their cyber security. – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install … Read More “Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of … Read More “Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place. – Read More – NCSC Feed
A vulnerability has been discovered in CWP (aka Control Web Panel or CentOS Web Panel), which could allow for remote code execution. CWP, or Control Web Panel, is a free server administration tool for enterprise-based Linux distributions like CentOS, which simplifies managing web hosting services. The admin interface (accessible on port 2087 or 2031) and the … Read More “A Vulnerability in CWP (aka Control Web Panel or CentOS Web Panel) Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
The NCSC’s CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks. – Read More – NCSC Feed
