< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 38 of 104

CISA Emergency Directive Targets Exploited Cisco SD-WAN

🔔 CISA has issued Emergency Directive 26-03 after reports that threat actors are actively exploiting a critical authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10). The directive instructs federal agencies to inventory affected systems, forward logs externally, collect forensic artifacts, apply vendor updates, hunt for signs of compromise and rebuild infrastructure if root access is detected. Agencies must report remediation and logging actions to CISA by multiple deadlines through March 23, 2026.
read more →

Siemens SIDIS Prime Multiple Component Vulnerabilities

⚠️ Siemens reports that SIDIS Prime versions prior to V4.0.800 include multiple vulnerabilities in third‑party components such as OpenSSL, SQLite, and a range of Node.js libraries. The advisory enumerates numerous CVEs covering memory corruption, DoS, XSS, path traversal, prototype pollution, and other weaknesses. Siemens and CISA recommend updating to V4.0.800 or later, restricting network exposure, and following vendor operational guidance before deployment. Affected systems are used worldwide in critical manufacturing environments and should be assessed promptly.
read more →

Inductive Automation Ignition Deserialization Vulnerability

🔒 A deserialization vulnerability in Inductive Automation Ignition (CVE-2025-13913) allows a privileged, authenticated user to import a crafted file that executes embedded code during deserialization, potentially running with the OS application service account's permissions. The flaw affects Ignition versions prior to 8.3.0 and carries a CVSS v3.1 base score of 6.3; CISA reports it is not remotely exploitable and no public exploitation is known. Remediation is to upgrade to 8.3.0 or later. As interim mitigations, follow the Ignition Security Hardening Guide, restrict project imports to trusted sources, use dedicated low-privilege service accounts, and segment gateways from corporate networks.
read more →

Siemens SIMATIC S7-1500: Trace-File Code Injection Risk

⚠️ Siemens SIMATIC S7-1500 devices are affected by a high-severity vulnerability (CVE-2025-40943) that allows code injection when a user imports a specially crafted trace file via the device web interface. Siemens has released fixes (notably V4.1.2 and later) for many affected products and is preparing additional updates. Where patches are not yet available, Siemens and CISA advise disabling the web server if unused, restricting access to TCP ports 80/443, and only importing trusted trace files.
read more →

Fortinet/FortiOS Flaws Affect Siemens RUGGEDCOM APE1808

🔐 Fortinet disclosed multiple FortiOS vulnerabilities that affect Siemens RUGGEDCOM APE1808 devices. Siemens has issued firmware updates and advises operators to install vendor fixes promptly. Issues include an authentication bypass, HTTP request smuggling, and an externally controlled format string that can enable code execution or unauthorized access. Apply vendor patches and limit device exposure.
read more →

Trane Tracer SC Family: Multiple High-Risk Vulnerabilities

⚠️ CISA published an advisory for Trane Tracer SC, Tracer SC+, and Tracer Concierge reporting five vulnerabilities that could lead to information disclosure, arbitrary command execution, or denial-of-service. The issues (CVE-2026-28252 through CVE-2026-28256) include broken cryptography, excessive memory allocation, missing authorization, and hard-coded credentials/constants. Affected builds include Tracer SC < v4.4_SP7 and Tracer SC+/Concierge < v6.3.2310; Trane released Tracer SC+ v6.30.2313 to address these flaws. CISA advises isolating control networks, restricting remote access, applying vendor updates, and following ICS defensive best practices.
read more →

Improper Access Control in Heliox EV Chargers — Patch

⚠️ Siemens has issued updates for Heliox EV chargers after identifying an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Affected models include the Heliox Flex 180 kW and Heliox Mobile DC 40 kW stations. Siemens recommends applying the provided over-the-air (OTA) updates and contacting customer support for patch rollout details. CVE-2025-27769 is rated CVSS v3.1 2.6 (Low) and categorized as CWE-923.
read more →

Apple backports WebKit fixes to legacy iOS and macOS

🔒 Apple has backported a WebKit memory-corruption fix, tracked as CVE-2023-43010, to older iOS and iPadOS releases after the flaw was observed in the Coruna exploit kit. The original mitigation shipped in iOS 17.2 on December 11, 2023; Apple’s recent updates — including iOS 15.8.7 and iOS 16.7.15 — extend protections to devices that cannot run the latest OS. Users with affected legacy devices are advised to install the available backports to mitigate exploitation risk.
read more →

Zombie ZIP attack evades AV and EDR by header abuse

🧟 Researchers disclosed a technique called 'Zombie ZIP' that manipulates ZIP headers to hide DEFLATE-compressed payloads so scanners treat them as uncompressed, producing widespread false negatives in antivirus and EDR tools. The author, Chris Aziz of Bombadil Systems, published proof-of-concept archives showing scanners trust the ZIP Method field and therefore scan raw bytes instead of compressed data. CERT/CC assigned CVE-2026-0866 and recommends stricter archive validation; end users should delete archives that raise 'unsupported method' or extraction errors.
read more →

CISA Adds Critical n8n RCE to KEV Catalog (CVE-2025-68613)

⚠️n8n's critical expression-injection flaw, tracked as CVE-2025-68613 (CVSS 9.9), has been added to CISA's Known Exploited Vulnerabilities catalog following evidence of active exploitation. The issue allows an authenticated attacker to perform remote code execution via the workflow expression evaluation system, risking full instance compromise. n8n issued fixes in December 2025 (1.120.4, 1.121.1, 1.122.0), but thousands of instances remain exposed online.
read more →

CISA warns of active exploitation: Ivanti EPM, Cisco SD‑WAN

⚠️ CISA warns that an authentication-bypass bug in Ivanti Endpoint Manager (CVE-2026-1603), patched Feb. 9, is being actively exploited to leak stored credentials. The agency also added related SolarWinds and VMware defects to its Known Exploited Vulnerabilities catalog. CISA updated an emergency directive for Cisco SD‑WAN flaws (CVE-2026-20127, CVE-2022-20775), citing signs of long-running exploitation and imposing new reporting and log-submission requirements for federal agencies, including a March 26 deadline.
read more →

Talos Discloses DirectX, OpenFOAM, Libbiosig Vulnerabilities

🛡️ Cisco Talos’ Vulnerability Discovery & Research team disclosed multiple vulnerabilities affecting Microsoft DirectX, OpenCFD OpenFOAM, and the BioSig project’s libbiosig library. Most issues have been patched by their respective vendors in accordance with Cisco’s disclosure policy, while the DirectX local privilege escalation remains unpatched. Talos published detailed advisories and Snort rule guidance to detect exploitation. Affected CVEs include CVE-2025-68623, CVE-2025-61982, CVE-2025-64736, CVE-2026-22891, and CVE-2026-20777.
read more →

SQLi in Elementor's Ally Plugin Puts 250k+ Sites at Risk

🔒 A high-severity SQL injection (CVE-2026-2313) in the Ally WordPress plugin from Elementor allows unauthenticated attackers to inject SQL via a URL parameter in versions up to 4.0.3. The flaw stems from improper sanitization in the get_global_remediations() method, where a user-supplied URL parameter is concatenated into an SQL JOIN clause. Exploitation is possible only if the plugin is connected to an Elementor account and the Remediation module is active. Elementor released a fix in version 4.1.0 on February 23, but roughly 250,000 sites remain unpatched; administrators should update Ally to 4.1.0 and install WordPress 6.9.2 immediately.
read more →

CISA Orders Federal Patch for n8n RCE Vulnerability

🔔 CISA has ordered federal agencies to patch an actively exploited remote code execution flaw in n8n, tracked as CVE-2025-68613, which permits authenticated attackers to run arbitrary code with the n8n process's privileges. The n8n team released n8n v1.122.0 in December to address the issue and urges immediate upgrades; temporary mitigations include restricting workflow creation/editing, limiting OS privileges, and reducing network access. Shadowserver reports over 40,000 exposed instances globally, prompting a March 25 remediation deadline for federal civilian agencies under BOD 22-01.
read more →

LeakyLooker: Nine Cross-Tenant Flaws in Looker Studio

🔒 Tenable Research disclosed nine cross-tenant vulnerabilities, collectively named LeakyLooker, in Looker Studio that could allow attackers to run arbitrary SQL and access datasets across tenants. The flaws affected connectors including BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets and Cloud Storage and involved SQL injection, data leaks via report elements and a BigQuery denial-of-wallet issue. Google has applied global fixes to its fully managed service and no customer action is required, though organisations should review sharing settings and limit unused connectors.
read more →

Critical n8n Vulnerabilities Allow Remote Code Execution

⚠️ Cybersecurity researchers disclosed multiple critical vulnerabilities in the n8n workflow automation platform that can lead to remote code execution and the exposure of stored credentials. The principal issues include an expression sandbox escape (CVE-2026-27577) and an unauthenticated Form-node expression injection (CVE-2026-27493). n8n has released fixes in 1.123.22, 2.9.3 and 2.10.1 and recommends immediate patching; short-term mitigations and node exclusions are available for users who cannot upgrade immediately.
read more →

Dozens of Vendors Patch Critical and High-Risk Flaws

🔒 SAP, Microsoft, Adobe and many other vendors released patches this month for multiple critical and high‑risk vulnerabilities, including remote code execution and authentication bypasses. SAP addressed two critical flaws — CVE-2019-17571 (Log4j 1.2.17, CVSS 9.8) and CVE-2026-27685 (insecure deserialization, CVSS 9.1) — while Microsoft and Adobe shipped fixes for dozens more. Hewlett Packard Enterprise patched an Aruba AOS‑CX authentication bypass (CVE-2026-23813, CVSS 9.8). Organizations should prioritize fixes for RCE, insecure deserialization, and authentication-bypass issues on Internet-facing and management interfaces.
read more →

CISA Adds n8n Vulnerability to KEV Catalog, Advises Fix

⚠️ CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation involving n8n. The issue is classified as an Improper Control of Dynamically-Managed Code Resources vulnerability and poses elevated risk to enterprise environments. CISA reminds Federal Civilian Executive Branch agencies that BOD 22-01 mandates remediation of KEV entries and strongly urges all organizations to prioritize timely patching and mitigation to reduce exposure.
read more →

Critical Aruba AOS-CX Web Bug Lets Attackers Gain Admin

⚠️ HPE Aruba Networking released patches for five vulnerabilities in AOS-CX switch software, including a critical web-management flaw that allows unauthenticated remote actors to bypass authentication and potentially reset administrator credentials. The most severe issue, CVE-2026-23813 (CVSS 9.8), can be triggered entirely over the network without user interaction. Additional CLI command-injection vulnerabilities and an open-redirect flaw were also fixed; administrators should apply updates and restrict management interfaces immediately.
read more →

Microsoft Patches Two Publicly Disclosed Zero-Day Flaws

🔒 Microsoft released its March Patch Tuesday updates addressing 79 vulnerabilities, including two publicly disclosed zero-day flaws. The zero-days are CVE-2026-21262, an SQL Server elevation-of-privilege issue (CVSS 8.8), and CVE-2026-26127, a .NET denial-of-service vulnerability. Security researchers warn that while only three flaws were rated critical, the bulk of fixes are elevation-of-privilege bugs in core Windows components and should be prioritised to avoid escalation chains and operational disruption.
read more →