Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, September 09, 2025 – Cyber Security Advisories – MS-ISAC” »
Category: Gov/ISAC Feeds
Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Ivanti Connect Secure is an SSL VPN solution for remote and mobile users. Ivanti Policy Secure (IPS) is a network access control (NAC) solution which provides … Read More “Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat Reader is a free software for viewing, printing, and annotating PDF files. Adobe After Effects is a digital software program used to create and composite visual effects, motion graphics, and animations for film, television, … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Why planning and rehearsing your recovery from an incident is as vital as building your defences – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. … Read More “Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; … Read More “Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Exploring how far cyber security approaches can help mitigate risks in generative AI systems – Read More – NCSC Feed
The NIST National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Internal Report (IR) 8349, Methodology for Characterizing Network Behavior of Internet of Things (IoT) Devices. Characterizing and understanding the – Read More – News and Events Feed by Topic
Approaches to the design, development and assessment of products capable of resisting elevated threats. – Read More – NCSC Feed
Advice for organisations on the acquisition, management and disposal of network devices. – Read More – NCSC Feed
NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases – News and Events Feed by Topic
The catalog revision is part of NIST’s response to a recent Executive Order on strengthening the nation’s cybersecurity. – Read More – News and Events Feed by Topic
A vulnerability has been discovered in Git, which could allow for remote code execution. Git is a free and open-source distributed version control system (VCS). It is designed to track changes in source code during software development and is widely used for coordinating work among multiple developers on the same project. Successful exploitation of this … Read More “A Vulnerability in Git Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and ensures the reliable availability of applications for businesses. NetScaler Gateway is a secure remote access solution … Read More “Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Commvault Backup & Recovery, which when chained together, could allow for remote code execution. Commvault Backup & Recovery is a comprehensive data protection solution that offers a range of services for safeguarding data across various environments, including on-premises, cloud, and hybrid setups. Successful exploitation of these vulnerabilities could allow … Read More “Multiple Vulnerabilities in Commvault Backup & Recovery Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered in Apple products which could allow for arbitrary code execution. Successful exploitation could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with … Read More “A Vulnerability in Apple Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Focus for iOS is a private mobile browser … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user or exploited process. Depending on the privileges associated with the user or process, an … Read More “Multiple Vulnerabilities in Microsoft Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Enhancing Hardware Security for the Future of National Defense and Emerging Technologies In an era of geopolitical uncertainty, global semiconductor disruptions, and a rising demand for digital sovereignty, hardware security has become a critical – Read More – News and Events Feed by Topic
We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile – News and Events Feed by Topic
The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity White Paper (CSWP) 51, Developing a Transit Cybersecurity Framework Community Profile. This CSWP presents cybersecurity challenges for owners and operators – Read More – News and Events Feed by Topic
Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure – IC3.gov News
Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research – News and Events Feed by Topic
As digital infrastructure increasingly influences our daily lives, the National Institute of Standards and Technology (NIST) is committed to advancing cybersecurity research while also inspiring the next generation of STEM talent. Recently, the NIST – Read More – News and Events Feed by Topic
NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More – News and Events Feed by Topic
The winning projects were competitively selected following a call for innovative proposals that address technical needs related to NIST’s research areas. – Read More – News and Events Feed by Topic
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-54948 Trend Micro Apex One OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant … Read More “CISA Adds One Known Exploited Vulnerability to Catalog – All CISA Advisories” »
NIST Guidelines Can Help Organizations Detect Face Photo Morphs, Deter Identity Fraud – News and Events Feed by Topic
Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud. – Read More – News and Events Feed by Topic
1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: ControlLogix Ethernet Modules. Vulnerability: Initialization of a Resource with an Insecure Default. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution flow. 3. TECHNICAL DETAILS 3.1 … Read More “Rockwell Automation ControlLogix Ethernet Modules – All CISA Advisories” »
Multiple vulnerabilities have been discovered in Cisco security products that could allow for arbitrary code execution. Cisco Secure Firewall Management Center (FMC) is a centralized management solution for Cisco Secure Firewall devices, enabling policy control, event monitoring, and threat analysis. Cisco Firepower 2100 Series is a family of threat-focused firewalls designed for high-performance security and … Read More “Multiple Vulnerabilities in Cisco Security Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 8.5. ATTENTION: Low attack complexity … Read More “Siemens Web Installer – All CISA Advisories” »
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 6.8. ATTENTION: Low Attack Complexity … Read More “Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER – All CISA Advisories” »
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 5.1. ATTENTION: Exploitable remotely/low attack … Read More “Siemens RUGGEDCOM ROX II – All CISA Advisories” »