Security Bulletin

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-148-01 Siemens SiPass ICSA-25-148-02...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Ehsaan Mavani, an ISC intern as part of the SANS.edu BACS program]

Researchers are using quantum computers to generate keys that are truly random to strengthen data encryption.

Authentication bypass and command injection flaws facilitate the malicious activity.

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.