< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 41 of 104

Hitachi Energy RTU500 Firmware Vulnerabilities Identified

🔒 Hitachi Energy disclosed multiple vulnerabilities in the RTU500 series CMU firmware that may reveal limited user-management data or cause device outages. The issues span improper permission handling, input validation gaps, uncontrolled recursion, and unbounded memory allocation, with CVSS scores up to 7.5. Vendor fixes are available — update to CMU Firmware 12.7.8, 13.7.8 (or later), or 13.8.2 as applicable — and apply recommended network mitigations until devices are patched.
read more →

Portwell Engineering Toolkits Vulnerability: CVE-2026-3437

⚠️ CISA warns of a high-severity driver vulnerability, CVE-2026-3437, in Portwell Engineering Toolkits v4.8.2 allowing a local authenticated user to read and write arbitrary memory. The flaw (CWE-119) can enable privilege escalation or denial-of-service, and carries a CVSS v3.1 base score of 8.8. Portwell has not responded to CISA coordination requests; users should minimize device exposure and contact Portwell support for guidance.
read more →

ePower charging stations vulnerable to WebSocket flaws

🔒 CISA warns that ePower epower.ie charging stations contain multiple WebSocket authentication and session-management vulnerabilities that could allow attackers to impersonate chargers, hijack sessions, or disrupt charging services. The advisory catalogs four CVEs, led by a critical authentication bypass (CVE-2026-22552, CVSS 9.4). ePower has not responded to CISA's coordination requests; operators should apply recommended mitigations and minimize network exposure.
read more →

Labkotec LID-3300IP Vulnerability Allows Auth Bypass

⚠️ The Labkotec LID-3300IP ice detector contains an unauthenticated remote-access vulnerability (CVE-2026-1775) that allows an attacker to modify device parameters and execute operational commands by sending specially crafted packets. CISA assigns a CVSS v3.1 base score of 9.4 (Critical). Labkotec recommends migrating to the LID-3300IP Type 2, installing firmware V2.40, and enabling HTTPS; until remediation, operators should remove Internet exposure, segment networks, enforce strong credentials, and monitor device activity.
read more →

Hitachi Energy Relion REB500 Privilege Escalation Fix

⚠️ Hitachi Energy disclosed authentication-based directory access vulnerabilities in the Relion REB500 product (firmware versions ≤ 8.3.3.0), tracked as CVE-2026-2459 and CVE-2026-2460. Authenticated users with certain roles can access and modify directories beyond their authorization. The vendor advises updating to REB500 v8.3.3.1 and recommends disabling or tightly controlling the Installer role as an interim mitigation.
read more →

Critical OCPP Backend Vulnerabilities in Everon Platform

🔒 CISA reports multiple critical vulnerabilities in Everon OCPP Backends (api.everon.io) that permit unauthenticated access, session hijacking, credential exposure, and denial-of-service. The advisory details four CVEs, including a CVSS 3.1 score of 9.4 for missing authentication on WebSocket endpoints. Everon reportedly shut down the platform on December 1, 2025; CISA recommends isolating control networks, restricting Internet access, and using secure remote access methods.
read more →

Vulnerabilities in Mobiliti e-mobi.hu Charging Stations

🔒 This advisory details critical authentication and session-management flaws in Mobiliti's e-mobi.hu charging platform that could permit unauthorized administrative access, session hijacking, and denial-of-service against chargers and backend services. Affected versions include all released e-mobi.hu builds. Operators should restrict network exposure, isolate charging networks behind firewalls, and contact Mobiliti support for vendor guidance.
read more →

CISA Adds Two Known-Exploited Vulnerabilities to KEV Catalog

⚠️ CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on March 3, 2026, after observing evidence of active exploitation. The entries include CVE-2026-21385, a memory corruption issue impacting multiple Qualcomm chipsets, and CVE-2026-22719, a command injection vulnerability affecting Broadcom VMware Aria Operations. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged flaws by the required due dates; CISA also strongly urges all organizations to prioritize timely remediation. CISA will continue to add vulnerabilities that meet its KEV criteria.
read more →

Google Patches Android Zero-Day in Qualcomm Display

🔒 Google released March 2026 Android updates addressing 129 security flaws, including an actively exploited zero-day, CVE-2026-21385, in a Qualcomm display Graphics subcomponent. Qualcomm says the bug is an integer overflow/wraparound that local attackers can use to trigger memory corruption. Google also fixed 10 critical System/Framework/Kernel vulnerabilities and published two patch levels (2026-03-01 and 2026-03-05); Pixel devices receive fixes immediately while other vendors may take longer to roll them out.
read more →

Google Confirms Exploited Qualcomm Graphics Flaw in Android

⚠ Google confirmed that CVE-2026-21385, a high-severity buffer over-read in a Qualcomm graphics component used on Android devices, has been observed exploited in the wild. Qualcomm characterizes the defect as an integer overflow that permits memory corruption when user-supplied data is written without checking buffer space. The issue (CVSS 7.8) was reported to Qualcomm by Google's Android Security team on December 18, 2025, and customers were notified on February 2, 2026. Google’s March 2026 security bulletin includes this fix among 129 patches and notes indications of limited, targeted exploitation.
read more →

Chrome WebView Flaw Allowed Malicious Extension Abuse

🔒 Google patched a high-severity WebView policy enforcement bug, CVE-2026-0628 (CVSS 8.8), in early January 2026 that could let a malicious extension inject scripts or HTML into the browser's new Gemini side panel. Discovered by Palo Alto Networks Unit 42 researcher Gal Weizman, the flaw could have enabled privilege escalation to access local files, take screenshots, and turn on camera or microphone without consent. The fix shipped in Chrome 143.0.7499.192/.193 (Windows/Mac) and 143.0.7499.192 (Linux).
read more →

Critical macOS ExifTool Vulnerability CVE-2026-3102

⚠️ Kaspersky's GReAT discovered a critical flaw, CVE-2026-3102, in ExifTool that can execute embedded shell commands when processing crafted image metadata on macOS if ExifTool is invoked with the -n/--printConv flag. The issue affects ExifTool versions 13.49 and earlier and can be exploited in automated workflows or apps that bundle the library. Update to ExifTool 13.50 immediately, isolate processing of untrusted files, and verify third-party tools do not include older copies of the library.
read more →

ClawJacked: Local WebSocket Flaw Gives Remote Control

⚠️ Researchers have revealed a high-severity "ClawJacked" vulnerability in OpenClaw that can allow a malicious webpage to take full control of the AI assistant platform. The issue arises because the gateway binds to localhost and treats local connections as trusted, permitting a script to brute-force credentials and auto-register as a trusted node. Once authenticated, an attacker can enumerate devices, read logs and dispatch commands. Users are urged to upgrade to 2026.2.25 or later immediately.
read more →

Chrome Gemini Vulnerability Allowed Extension Hijack

🛡 Unit 42 discovered CVE-2026-0628, a high-severity flaw in Chrome's new Gemini Live panel that allowed extensions with only declarativeNetRequest permissions to inject JavaScript into the privileged panel context. That injection could escalate extension privileges to access camera and microphone, read local files, take screenshots and render phishing content inside a trusted browser UI. Google was notified on 2025-10-23 and issued a patch in early January 2026. Palo Alto Networks recommends mitigations such as Prisma Browser and related protections.
read more →

ClawJacked vulnerability lets websites hijack OpenClaw

🔒 Security researchers disclosed a high-severity ClawJacked vulnerability in OpenClaw that allowed a malicious website to silently brute-force a locally running gateway and take control. Oasis Security reported the issue and OpenClaw released a fix in version 2026.2.26 on February 26. The update hardens WebSocket checks, removes unsafe localhost exemptions, and closes avenues for silent device pairing and credential theft. Administrators should update immediately.
read more →

OpenClaw 'ClawJacked' Flaw Lets Webpages Take Control

🔒OpenClaw addressed a high‑severity vulnerability codenamed ClawJacked that allowed attacker‑controlled webpages to connect to a local OpenClaw gateway, brute‑force its password (no rate limiting), and register as a trusted device with admin privileges because localhost registrations were silently approved. The vendor released 2026.2.25 on Feb 26, 2026, and urges immediate updates, access audits, and stronger governance for agent identities.
read more →

Critical Juniper PTX Router Flaw Lets Attackers Gain Root

🔒 Juniper PTX core routers running Junos OS Evolved contain a critical vulnerability that can allow an unauthenticated, network-based attacker to execute code as root. The flaw is in the On-Box Anomaly detection framework, which is enabled by default and should not be externally reachable. Juniper says it is unaware of any active exploitation and urges installation of 25.4R1-S1-EVO, while recommending ACLs or firewall filters and the alternative command request pfe anomalies disable as temporary mitigations.
read more →

Silent Google API Key Change Exposed Gemini AI Data

🔒 Researchers at Truffle Security discovered that Google Cloud API keys, historically described as simple billing identifiers (prefix Aiza), began functioning as authentication tokens for embedded Gemini AI instances. A Common Crawl scan in November found 2,863 live, publicly exposed keys, including from major firms and Google itself, which could be used to retrieve uploaded files, cached context, or to consume API quota and incur charges. Google confirmed the issue after disclosure, restricted affected keys, and advises administrators to audit and rotate keys.
read more →

CISA: RESURGE Malware Can Remain Dormant on Ivanti Devices

🔒 CISA warns that the RESURGE implant can remain latent on Ivanti Connect Secure devices, evading detection by awaiting a specific inbound TLS connection rather than beaconing to a command-and-control server. The 32-bit Linux Shared Object libdsupgrade.so hooks the web process, inspects TLS packets using a CRC32 fingerprint, and authenticates attackers with a forged Ivanti certificate. The agency notes related tools like liblogblock.so for log tampering and a kernel extraction script, and it urges administrators to use updated IoCs and hashes to discover and remove dormant infections.
read more →

Local OpenClaw Agents Vulnerable to WebSocket Abuse

🔒 Researchers at Oasis Security disclosed a chain of flaws that allowed malicious websites to connect to a locally running OpenClaw agent and seize control. The issue exploits browser behavior that permits WebSocket connections to localhost combined with the agent’s automatic device pairing, weak authentication and disabled rate limits. Tracked as CVE-2026-25253, the vulnerability enabled silent password brute-forcing and device registration. OpenClaw issued a prompt fix (v2026.2.25+) but experts warn architectural changes and stronger controls are needed.
read more →