HOME TOOLS TRAINING NEWS CTF EVENTS CRYPTOJAMS CONTACT

NEWS

ALL NEWS - LIST VIEW "click here"

Major News Resources

Bleeping Computer

The Hacker News

FBI News

CISA Alerts & Advisories

Homeland Security News Wire

NSA Press Releases & Statements

New Exploits

Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.  
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

Mitsubishi Electric GX Works2 | CISA

View CSAF
Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify project information.
The following versions of GX Works2 are affected:
An attacker could disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project in...
Cybersecurity and Infrastructure Security Agency C

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows environments.3 Victim organizations are primarily in the Government Services and Facilities and Information Technology Sectors. BRICKSTORM enables cyber threat actors to maintain stealthy access and pr...
Cybersecurity and Infrastructure Security Agency C

MAXHUB Pivot | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to request a password reset and gain unauthorized access to the account.
MAXHUB reports the following versions of MAXHUB Pivot are affected:
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
CVE-2025-53704 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/...
Cybersecurity and Infrastructure Security Agency C

Sunbird DCIM dcTrack and Power IQ | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access or steal credentials.
The following Sunbird products are affected:
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.
CVE-2025-66238 has been assigned to this vulnerabi...
Cybersecurity and Infrastructure Security Agency C

Johnson Controls iSTAR | CISA

View CSAF
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.
The following versions of Johnson Controls iSTAR are affected:
Under certain circumstances, an iSTAR using the default certificate to connect to the C•CURE Server may fail to re-establish communication, once the certificate expires.
CVE-2025-61736 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS...
Cybersecurity and Infrastructure Security Agency C

Advantech iView | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify, or delete data.
The following Advantech products are affected:
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
CVE-2025-13373 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/...
Cybersecurity and Infrastructure Security Agency C

SolisCloud Monitoring Platform | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating API requests.
The following versions of SolisCloud Monitoring Platform are affected:
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
CVE-2025-13932 has been assigned to this vulnerabil...
Cybersecurity and Infrastructure Security Agency C

BRICKSTORM Backdoor | CISA

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Canadian Centre for Cyber Security (Cyber Centre) assess People’s Republic of China (PRC) state-sponsored cyber actors are using BRICKSTORM malware for long-term persistence on victim systems. Victim organizations are primarily in the Government Services and Facilities and Information Technology Sectors. BRICKSTORM is a sophisticated backdoor for VMware vSphere (specifically VMware vCenter servers an...
Cybersecurity and Infrastructure Security Agency C

Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.
The following versions of Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace are affected:
Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace versions 2025.1.2 and prior are vulnerable to a Direct Request exploit that could allow an attacker to gain unauthorized access to sensitive information.
CVE-2025-26381 has been assi...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.  
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology | CISA

CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology.
This guidance aims to help critical infrastructure owners and operators integrate artificial intelligence (AI) into operational technology (OT) systems securely, balancing the benefits of AI—such as increased efficiency, enhance...
Cybersecurity and Infrastructure Security Agency C

Iskra iHUB and iHUB Lite | CISA

View CSAF
Successful exploitation of this vulnerability could allow a remote attacker to reconfigure devices, update firmware, and manipulate connected systems without any credentials.
The following versions of Iskra iHUB and iHUB Lite, a Smart Metering Gateway and Data Concentrator, are affected:
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings....
Cybersecurity and Infrastructure Security Agency C

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.   

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry si...
Cybersecurity and Infrastructure Security Agency C

Industrial Video & Control Longwatch | CISA

View CSAF
Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain remote code execution with elevated privileges.
The following versions of Industrial Video & Control Longwatch, a video surveillance and monitoring system, are affected:
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level p...
Cybersecurity and Infrastructure Security Agency C

Mirion Medical EC2 Software NMIS BioDose | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to sensitive information, gain unauthorized access to the application, and execute arbitrary code.
The following Mirion Medical products are affected:
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executab...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation Arena Simulation | CISA

View CSAF
Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena.
The following Rockwell Automation products are affected:
Arena suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena. Exploiting the vulnerability requires opening a malici...
Cybersecurity and Infrastructure Security Agency C

Zenitel TCIV-3+ | CISA

View CSAF
Successful exploitation of these vulnerabilities could result in arbitrary code execution or cause a denial-of-service condition.
The following versions of TCIV-3+ are affected:
An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker to inject arbitrary commands.
CVE-202...
Cybersecurity and Infrastructure Security Agency C

SiRcom SMART Alert (SiSA) | CISA

View CSAF
Successful exploitation of this vulnerability could enable an attacker to remotely activate or manipulate emergency sirens.
The following versions of SiRcom SMART Alert (SiSA), a central control system, are affected:
SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.
CVE-2025-13483 has been assigned to this vulnerabi...
Cybersecurity and Infrastructure Security Agency C

Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code.
The following Ashlar-Vellum products are affected:
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.
CVE-2025-65084 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has...
Cybersecurity and Infrastructure Security Agency C

Opto 22 groov View | CISA

View CSAF
Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation.
The following versions of groov View are affected:
The users endpoint in the groov View API returns a list of all users and associated metadata including their API keys. This endpoint requires an Editor role to access and will display API keys for all users, including Administrators.
CVE-2025-13084 has been assigned to this vulnerability. A CVSS v3.1 base score of...
Cybersecurity and Infrastructure Security Agency C

Festo Compact Vision System, Control Block, Controller, and Operator Unit products | CISA

View CSAF
Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files.
Festo reports that the following products are affected:
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
CVE-2022-22515 has been assigned to this vulnerability. A CVSS v3.1 base...
Cybersecurity and Infrastructure Security Agency C

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ | CISA

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps).1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.  
These cyber actors use tactics such as:
While current targeting remains opportun...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.   
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

Festo MSE6-C2M/D2M/E2M | CISA

View CSAF
Successful exploitation of this vulnerability could lead to a complete loss of confidentiality, integrity, and availability.
Festo reports the following products are affected:
In Festo MSE6 product-family, a remote authenticated, low-privileged attacker could use functions of undocumented test mode, which could lead to a complete loss of confidentiality, integrity, and availability.
CVE-2023-3634 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated...
Cybersecurity and Infrastructure Security Agency C

Automated Logic WebCTRL Premium Server | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or redirecting them to malicious websites.
The following Automated Logic products are affected:
This weakness occurs when an application accepts a user-supplied URL and redirects the user to that URL without proper validation. Attackers can exploit this to redirect victims to malicious sites, often used in phishing or to bypass security controls.
CV...
Cybersecurity and Infrastructure Security Agency C

Festo Didactic products | CISA

View CSAF
Successful exploitation of this vulnerability could allow the creation or overwriting of arbitrary files in the engineering system.
Festo reports that the following products contain affected versions of Siemens TIA-Portal:
A vulnerability has been identified in Siemens Totally Integrated Automation Portal (TIA Portal) V15, V16, V17, and V18. The affected products contain a path traversal vulnerability that could allow the creation or overwriting of arbitrary files in the engineering sy...
Cybersecurity and Infrastructure Security Agency C

Emerson Appleton UPSMON-PRO | CISA

View CSAF
Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO.
The following Emerson products are affected:
A crafted UDP packet sent to the default UDP port 2601 can cause an overflow of the buffer stack, overwriting critical memory locations. This could allow unauthorized individuals to execute arbitrary code with SYSTEM privileges if the UPSMONProService service communication is not properly vali...
Cybersecurity and Infrastructure Security Agency C

ICAM365 CCTV Camera Multiple Models | CISA

View CSAF
Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data.
The following iCam365 camera model is affected:
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
CVE-2025-64770 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; t...
Cybersecurity and Infrastructure Security Agency C

Opto 22 GRV-EPIC and groov RIO | CISA

View CSAF
Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges.
The following versions of GRV Programmable Logic Controllers are affected:
A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these value...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.   

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signifi...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Guide to Mitigate Risks from Bulletproof Hosting Providers | CISA

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Bulletproof Hosting (BPH) providers.
A BPH provider is an internet...
Cybersecurity and Infrastructure Security Agency C

Shelly Pro 4PM | CISA

View CSAF
Successful exploitation of this vulnerability could result in a denial-of-service condition.
The following version of Pro 4PM, a smart DIN rail switch, is affected:
Due to lack of input bounds checking, an attacker can send a specially crafted request to any RPC endpoint. The malicious request causes the device's JSON parser to overallocate memory, leading the device to reboot and creating a denial-of-service condition.
CVE-2025-11243 has been assigned to this vulnerability. A CVSS v3...
Cybersecurity and Infrastructure Security Agency C

Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio | CISA

View CSAF
Successful exploitation of this vulnerability could lead to loss of confidentiality and integrity.
Schneider Electric reports that the following products use an affected AVEVA component:
The vulnerability disclosed by AVEVA Group Limited impacts the affected Schneider Electric software. Additional information about the vulnerabilities can be found in the AVEVA advisory AVEVA-2025-006. The vulnerability, if exploited, could allow a attacker with read access to Edge project files or Edge...
Cybersecurity and Infrastructure Security Agency C

METZ CONNECT EWIO2 | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and control the device remotely or perform remote code execution.
METZ CONNECT reports that the following products are affected:
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.
CVE-2025-41733 has been assigned to this vulnerability. A CVSS v3.1 ba...
Cybersecurity and Infrastructure Security Agency C

Schneider Electric PowerChute Serial Shutdown | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to access user accounts or gain elevated system access.
The following version of Schneider Electric PowerChute Serial Shutdown are affected:
A path traversal vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload.
CVE-2025-11565 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calcul...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.  
With recent and ongoing exploitation events Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products, a reduced remediation timeframe of one week is recommended. See BOD 23-02: Mit...
Cybersecurity and Infrastructure Security Agency C

Shelly Pro 3EM | CISA

View CSAF
Successful exploitation of this vulnerability could result in a denial-of-service condition.
The following version of Pro 3EM, a smart DIN rail switch, is affected:
By sending a specially crafted Modbus request, an attacker can direct the device to access an illegal data address without standard error handling, causing the device to reboot and leading to a denial-of-service condition.
CVE-2025-12056 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculate...
Cybersecurity and Infrastructure Security Agency C

Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products | CISA

CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1
CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated malicious actor to execute administrative commands on a system via specially crafted HTTP or HTTPS requests. 
Fortinet recommends affected organizations:
CISA added CVE-2025-64446 to...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.   

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signifi...
Cybersecurity and Infrastructure Security Agency C

AVEVA Application Server IDE | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to tamper with help files and inject cross-site scripting (XSS) code.
The following versions of AVEVA Application Server are affected:
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation Studio 5000 Simulation Interface | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow attackers to trigger outbound SMB requests to capture NTLM hashes and execute scripts with Administrator privileges upon system reboot.
The following versions of Rockwell Automation Studio 5000 Simulation Interface are affected:
A local code execution security issue exists within Studio 5000 Simulation Interface via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequenc...