< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 57 of 104

Critical Modular DS WordPress Flaw Enables Admin Takeover

⚠️ Patchstack reports a maximum-severity vulnerability (CVE-2026-23550, CVSS 10.0) in the Modular DS WordPress plugin affecting all versions up to and including 2.5.1. The flaw permits unauthenticated privilege escalation via routes under /api/modular-connector/ when the "direct request" mode with an "origin=mo" parameter is used, bypassing authentication. Exploitation was observed beginning Jan 13, 2026, and the issue is patched in 2.5.2; administrators should update immediately.
read more →

Amazon RDS Custom Adds Microsoft SQL Server GDR Updates

🔒 Amazon RDS Custom for SQL Server now supports the latest General Distribution Release (GDR) updates, enabling SQL Server 2019 CU32+GDR (KB5068404) and SQL Server 2022 CU21+GDR (KB5068406) on managed instances. These releases correspond to RDS builds 15.00.4455.2.1.v1 and 16.00.4222.2.1.v1 and address vulnerabilities referenced by CVE-2025-59499. We recommend that you upgrade affected RDS Custom instances using the Amazon RDS Management Console, AWS SDK, or CLI and consult the Amazon RDS Custom User Guide for upgrade procedures. Before applying updates in production, review release notes and test the patches in non-production environments to validate application compatibility and backups.
read more →

Amazon RDS adds support for Microsoft SQL Server GDR updates

🔔 Amazon RDS for SQL Server now supports Microsoft SQL Server GDR updates for 2016 SP3, 2017 CU31, 2019 CU32 and 2022 CU22 (RDS versions 13.00.6475.1.v1, 14.00.3515.1.v1, 15.00.4455.2.1.v1, 16.00.4225.2.1.v1). These GDRs address vulnerabilities tracked as CVE-2025-59499. We recommend upgrading instances via the Amazon RDS Console, SDK, or CLI and consult the RDS SQL Server upgrade guide to plan and apply the updates.
read more →

CodeBuild Misconfiguration Threatened AWS Console SDK

⚠️ A critical CodeBuild misconfiguration discovered by Wiz Research allowed untrusted pull requests to run privileged builds, enabling potential injection of malicious code into core AWS repositories—including the AWS SDK for JavaScript that underpins the AWS Console. The flaw was an unanchored regex in an ACTOR_ID webhook filter that let attacker-controlled GitHub IDs bypass restrictions and access credentials stored in build memory. AWS patched the issue within 48 hours, revoked exposed credentials, added protections to block memory-based credential theft and introduced a Pull Request Comment Approval build gate. Wiz advises blocking untrusted PRs, using fine‑grained tokens and anchoring webhook regexes.
read more →

Mandiant/GCP Release Net-NTLMv1 Rainbow Tables for Defenders

🔐 Mandiant and Google Cloud published a comprehensive dataset of Net-NTLMv1 rainbow tables to accelerate defender validation and mitigation of this long-deprecated protocol. The tables make known-plaintext attacks trivial, enabling recovery of authenticating password hashes in under 12 hours on consumer hardware costing less than $600. The release includes SHA512 checksums, usage guidance with tools like rainbowcrack and ntlmv1-multi, and prescriptive remediation steps to disable Net-NTLMv1 and monitor for coercion-based authentications.
read more →

Critical RCE in n8n Forces Immediate Global Remediation

🚨 A critical remote code execution vulnerability, CVE-2026-21858 (CVSS 10.0), has been disclosed in n8n, allowing attackers to fully compromise locally deployed instances. Researchers estimate roughly 100,000 servers are affected and there are no official workarounds available. The n8n project has released a patched build; users must upgrade to n8n version 1.121.0 or later to remediate the issue. Administrators should prioritize patching and follow vendor advisories immediately.
read more →

Critical HPE OneView RCE Under Active Exploitation Campaign

🚨 Check Point Research reports large-scale active exploitation of CVE-2025-37164, a critical remote code execution flaw in HPE OneView. The campaign, attributed to the RondoDox botnet, generated tens of thousands of automated attack attempts that were blocked by Check Point defenses. The issue was reported to CISA and added to the Known Exploited Vulnerabilities catalog on January 7, 2026; organizations should patch immediately.
read more →

AVEVA Process Optimization: Multiple Critical Flaws

⚠️ AVEVA has released patches for multiple vulnerabilities in Process Optimization that could allow remote code execution, SQL injection, privilege escalation, and disclosure of sensitive data. The most severe, CVE-2025-61937, permits unauthenticated remote code execution at OS System privileges (CVSS 10.0). AVEVA's remediation requires updating to Process Optimization v2025; CISA and the vendor also recommend firewall restrictions, ACLs, and ensuring encrypted channels.
read more →

FortiSIEM phMonitor Command Injection: CVE-2025-64155

⚠️ A critical command injection vulnerability in Fortinet FortiSIEM (phMonitor, tracked as CVE-2025-64155) enables unauthenticated attackers to inject commands and write files that are executed as the root user. Exploit code was disclosed publicly after a responsible disclosure to Fortinet in August 2025, and researchers warn the flaw may have allowed remote root access for nearly three years. Fortinet has released patched builds and advises restricting access to TCP port 7900 and applying updates immediately.
read more →

Palo Alto Warns of DoS Flaw That Can Disable Firewalls

⚠️ Palo Alto Networks patched a high-severity flaw (CVE-2026-0227) in PAN-OS that can allow unauthenticated actors to trigger a denial-of-service, forcing affected firewalls into maintenance mode when GlobalProtect gateway or portal features are enabled. The issue impacts PAN-OS 10.1 and later and some Prisma Access configurations; most cloud Prisma Access instances have been upgraded. Administrators should apply vendor-supplied fixes for their PAN-OS branch immediately to prevent potential disruptions.
read more →

Palo Alto Fixes GlobalProtect DoS Vulnerability, Critical

🔒 Palo Alto Networks has released patches for a high-severity denial-of-service vulnerability (CVE-2026-0227, CVSS 7.7) affecting GlobalProtect Gateway and Portal components. The flaw, caused by an improper check for exceptional conditions (CWE-754), can be triggered by an unauthenticated attacker and may force affected firewalls into maintenance mode. A proof-of-concept exploit exists and there are no workarounds, so administrators should prioritize applying the vendor updates.
read more →

Bluetooth Vulnerability Allows Remote Control of Wheelchairs

⚠️ Researchers demonstrated remote control of WHILL wheelchairs via unsecured Bluetooth connections. CISA has issued an advisory noting the devices did not enforce pairing authentication, allowing attackers within Bluetooth range to pair and control movement, override speed restrictions, and alter configuration profiles without credentials or user interaction. Users and operators should follow the advisory, apply vendor updates, and disable Bluetooth when not required.
read more →

Exploit Published for Critical FortiSIEM Command Injection

🔓 A critical FortiSIEM vulnerability, tracked as CVE-2025-25256, enables remote unauthenticated attackers to execute arbitrary commands by invoking exposed phMonitor handlers. Horizon3.ai disclosed technical details and published a demonstrative exploit after Fortinet issued patches across supported branches. The flaw combines arbitrary write with privilege escalation to root and affects a range of FortiSIEM releases; Fortinet advises applying the supplied updates or restricting access to the phMonitor port (7900) as a temporary mitigation.
read more →

Microsoft Updates WinSqlite3.dll After False Positives

🔔 Microsoft has released updates to WinSqlite3.dll after third-party security tools began flagging the Windows core DLL as vulnerable to CVE-2025-6965. The company said the false positive affected Windows 10, Windows 11, and server editions through Windows Server 2025. Microsoft resolved the detection in updates released January 13, 2026 and later and urges users to install the latest patches. It also clarified WinSqlite3.dll is distinct from sqlite3.dll.
read more →

Siemens RUGGEDCOM APE1808 Vulnerabilities and Mitigations

🔒Siemens has disclosed multiple vulnerabilities affecting RUGGEDCOM APE1808 devices, tied to cross-site scripting and a path traversal flaw (CVE-2025-40891, CVE-2025-40892, CVE-2025-40893, CVE-2025-40898). The issues include stored HTML/JavaScript injection in Time Machine Snapshot Diff, Reports, and Asset List features, and an authenticated path traversal in Arc data import that can enable arbitrary file writes. Siemens is preparing fixes and advises contacting Siemens ProductCERT, segregating and protecting device networks, and following Siemens operational security guidance until patches are available.
read more →

Schneider Electric EcoStruxure Power Build Vulnerabilities

🔒 Schneider Electric disclosed vulnerabilities in EcoStruxure Power Build Rapsody that can cause memory corruption and buffer overflows when importing project (SSD) files. Two tracked issues — CVE-2025-13844 (double free, CVSS 5.3) and CVE-2025-13845 (use-after-free, CVSS 7.8) — may allow local attackers to execute code if a user opens a malicious file. Schneider released regional fixed builds; users should install the appropriate update, restart services, and follow recommended mitigations if patching is delayed.
read more →

Siemens Industrial Edge Device Kit: Authorization Bypass

🔒 Users of Siemens Industrial Edge Device Kit should apply updates immediately. CISA reports an authorization bypass (CVE-2025-40805) that enables unauthenticated attackers to impersonate legitimate users by abusing unsecured API endpoints; the issue is rated CVSS v3.1 10.0. Siemens has published patches for multiple arm64 and x86-64 builds (for example V1.24.2 and V1.25.1) and advises restricting network access where fixes are not yet available.
read more →

Siemens SINEC Security Monitor: Update Recommended

🔒 Siemens has released a security update for SINEC Security Monitor addressing two vulnerabilities (CVE-2025-40830, CVE-2025-40831) in versions before V4.10.0. The flaws allow an authenticated user to read or write arbitrary files via the ssmctl-client file_transfer feature and to cause a report-generation denial-of-service. Siemens recommends updating to V4.10.0 or later and reducing network exposure per operational guidance.
read more →

RUGGEDCOM ROS TLS Certificate Upload Vulnerability

⚠️ Siemens reports a temporary denial-of-service vulnerability in RUGGEDCOM ROS devices that can be triggered via the TLS certificate upload process. Authenticated remote attackers may upload malformed certificate data to cause a crash and an automatic reboot (CVE-2025-40935, CWE-20), producing a brief availability outage. Siemens has published fixed firmware; update affected systems to V5.10.1 or later. CISA advises isolating control networks, minimizing internet exposure, using secure remote access, and performing impact analysis before applying mitigations.
read more →

Siemens SIMATIC/SIPLUS DoS via S7 Disconnect (CVE-2025-40944)

🔒 Siemens SIMATIC and SIPLUS ET 200 family devices contain a denial-of-service vulnerability triggered by a valid S7 protocol Disconnect Request (COTP DR TPDU) received on TCP port 102. Affected modules can enter an improper session state and become unresponsive, requiring a power cycle to recover. Siemens has released firmware updates for multiple affected products and recommends applying vendor-released fixes; where updates are not available, network mitigations such as filtering TCP port 102 to trusted addresses and isolating control networks are advised.
read more →