Security Bulletin

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-23209 Craft CMS Code Injection Vulnerability CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful...

CISA released eight Industrial Control Systems (ICS) advisories on February 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-051-01 ABB ASPECT-Enterprise...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

With Version 3, would-be phishers can cut and paste a big brand's URL into a template and let automation do the rest.

With the Elastic released of version 8.17.0, it included "The technical preview of new MATCH and query string (QSTR) functions in ES|QL makes log searches easier and more intuitive."[ 1] With this released, I started exploring some of the many...

The continent faces "relentless" military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.