-
CISA and FBI Issue Updated Guidance on Product Security Bad Practices
In partnership with the Federal Bureau of Investigation (FBI), CISA has released updated joint guidance on product security malpractices as part of CISA's Secure by Design initiative. This updated guidance…
-
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti's Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283,…
-
Several vulnerabilities in SonicWall SonicOS could allow a remote attacker to bypass authentication.
MS-ISAC NOTICE NUMBER: 2025-002 ISSUE DATE(S): 09/01/2025 PREVIEW: Several vulnerabilities have been discovered in SonicWall SonicOS that could allow authentication to be bypassed. SonicOS is SonicWall's operating system designed for…
-
CISA adds three known exploited vulnerabilities to its catalog
CISA has added three new vulnerabilities to its catalog of known exploited vulnerabilities, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal…
-
CISA adds known exploited vulnerability to its catalog
CISA has added a new vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation. CVE-2024-3393 Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability These types…
-
Vulnerability in Apache Struts2 could allow remote code execution
MS-ISAC NOTICE NUMBER: 2024-141 ISSUE DATE(S): 12/23/2024 PREVIEW: A vulnerability has been discovered in Apache Struts2, which could allow remote code execution. Apache Struts2 is an open source web application…
-
Fortinet releases security updates for FortiManager
Fortinet has released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system. Users and…
-
Multiple vulnerabilities in Sophos Firewall could allow remote code execution
MS-ISAC NOTICE NUMBER: 2024-140 ISSUE DATE(S): 12/19/2024 PREVIEW: Several vulnerabilities have been discovered in Sophos Firewall, the most serious of which could allow remote code execution. Sophos Firewall is a…
-
Vulnerability in several Cleo products could allow remote code execution
MS-ISAC NOTICE NUMBER: 2024-139 ISSUE DATE(S): 12/12/2024 PREVIEW: A vulnerability has been discovered in several Cleo products that could allow remote code execution. Cleo's LexiCom, VLTransfer and Harmony are commonly…
Recent Posts
- How to Align AI Initiatives with Cybersecurity Policies in 2025
- Vulnerability in Microsoft Windows Server Update Services (WSUS) could allow remote code execution
- Several vulnerabilities in Ivanti products could allow remote code execution
- Several vulnerabilities in VMware Aria Operations and VMware Tools could allow privilege escalation














