Category: Gov/ISAC Feeds

0

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Mozilla Thunderbird ESR is a version of...

0

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete...

0

Critical Patches Issued for Microsoft Products, March 11, 2025  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to...

0

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat and Reader is used to view, create, print, and manage PDF files on desktop and mobile. Substance 3D Sampler is a 3D scanning software that uses AI to create 3D models and materials from real-world images. Adobe Illustrator is a...

0

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiManager Cloud is a cloud-based service for centralized management, monitoring, and automation of Fortinet devices across multiple sites FortiOS is the Fortinet’s proprietary...

0

*DRAFT* MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – PATCH: NOW – TLP: CLEAR  – Cyber Security Advisories – MS-ISAC

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete...

0

CISA Adds Six Known Exploited Vulnerabilities to Catalog  – All CISA Advisories

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability CVE-2025-26633 Microsoft Windows Management...

0

Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks Capture Tool  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Optigo Networks Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products,...

0

Schneider Electric Uni-Telway Driver  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Uni-Telway Driver Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: Schneider Electric Uni-Telway Driver: All versions...

0

CISA Releases Two Industrial Control Systems Advisories  – All CISA Advisories

CISA released two Industrial Control Systems (ICS) advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-070-01 Schneider Electric Uni-Telway Driver ICSA-25-070-02 Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks Capture Tool CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  – Read...

0

CISA Adds Five Known Exploited Vulnerabilities to Catalog  – All CISA Advisories

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability CVE-2024-13159 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability CVE-2024-13160 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability CVE-2024-13161 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability These types of vulnerabilities are frequent...

0

FBI Warns of Data Extortion Scam Targeting Corporate Executives  – All CISA Advisories

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received.  CISA encourages organizations to review the following FBI Public Service Announcement for more information: Mail...

0

Hitachi Energy PCU400  – All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400, PCULogger Vulnerabilities: Access of Resource Using Incompatible Type (‘Type Confusion’), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read 2. RISK EVALUATION Exploitation of these vulnerabilities could allow an attacker to access or decrypt sensitive data, crash the device...

AttackFeed by Joe Wagner
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.