CISA released five Industrial Control Systems (ICS) advisories on March 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-079-01 Schneider Electric EcoStruxure™ ICSA-25-079-02 Schneider Electric Enerlin’X IFE and eIFE ICSA-25-079-03 Siemens Simcenter Femap ICSA-25-079-04 SMA Sunny Portal …
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability These types of vulnerabilities are frequent attack…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors…
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released joint Cybersecurity Advisory, #StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity….
CISA released thirteen Industrial Control Systems (ICS) advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation ICSA-25-072-02 Siemens SINEMA Remote Connect Server ICSA-25-072-03 Siemens SIMATIC S7-1500 TM…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber…
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability CVE-2025-24991 Microsoft Windows NTFS…
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is…
