CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-231-01 Siemens Desigo CC Product Family and SENTRON Powermanager ICSA-25-231-02 Siemens Mendix SAML Module ICSA-25-217-02 Tigo Energy Cloud Connect…
Last week I was joined on a Black Hat panel “To Be or Not to be … a CISO” by fellow esteemed CISOs, Gursev Kalra from Salesforce and Vercel’s Ty Sbano to discuss our career progressions and host Shubham Mittal from RedHunt Labs. Afterwards the…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876 N-able N-central Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…
It’s Friday, but we’re here today with unscheduled content – pushing our previously scheduled shenanigans to next week. Fortinet is no stranger to the watchTowr Labs research team. Today we’re looking at CVE-2025-25256 – a pre-authentication command injection in FortiSIEM that lets an attacker compromise…
CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager ICSA-25-226-02 Siemens COMOS ICSA-25-226-03 Siemens Engineering Platforms ICSA-25-226-04 Siemens Simcenter Femap ICSA-25-226-05 Siemens Wibu CodeMeter Runtime ICSA-25-226-06 Siemens Opcenter…
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies. An…
Learn how Fortinet’s CNAPP addresses the top cloud security gaps by unifying posture management, runtime protection, CDR, and application-layer defense to reduce risk across hybrid and multi-cloud environments. Source link Author: Fortinet Article used for cyber security disclosure.
A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it. Source link Author: Fortinet Article used for cyber security disclosure.
