< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 58 of 104

Siemens Industrial Edge Authorization Bypass Vulnerability

🔒 Siemens and CISA report an authorization bypass in multiple Siemens Industrial Edge and related devices (CVE-2025-40805) that can allow an unauthenticated remote attacker who knows a legitimate user's identity to impersonate that user. Siemens has released firmware and software updates for many affected models and is preparing additional fixes. Where updates are not yet available, Siemens and CISA advise network isolation, minimizing internet exposure, use of secure remote access (VPNs), and other compensating controls to limit risk.
read more →

Festo Firmware: Undocumented Remote Functions Risk

⚠️ Festo SE & Co. KG and CISA report that numerous Festo firmware products contain undocumented remote-accessible functions and missing port/protocol documentation, tracked as CVE-2022-3270 with a CVSS v3.1 base score of 9.8. An unauthenticated remote attacker could leverage these undocumented protocol functions to cause full loss of confidentiality, integrity, and availability. Festo intends to address the issue by updating technical user manuals in the next product versions; operators should meanwhile reduce network exposure, enforce firewalls, and use VPNs and encrypted links.
read more →

Siemens TeleControl Server Basic Privilege Escalation

⚠ Siemens disclosed a local privilege escalation vulnerability (CVE-2025-40942) in TeleControl Server Basic affecting product versions earlier than V3.1.2.4. The flaw could allow an attacker with local access to execute arbitrary code with elevated privileges and is rated High under CVSS 3.1 (8.8). Siemens released V3.1.2.4 to remediate the issue. Administrators should apply the update promptly and follow network-segmentation and access-control best practices to reduce exposure.
read more →

Fortinet Fixes Critical FortiSIEM Remote Code Flaw

🔒 Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-64155, CVSS 9.4) that permits unauthenticated OS command injection and remote code execution via the phMonitor service on TCP port 7900. The flaw enables argument injection leading to arbitrary file writes as admin and a cron-triggered escalation to root. Affected releases span 6.7–7.4 with fixed builds; 7.5 and FortiSIEM Cloud are not impacted. Apply vendor updates or restrict access to port 7900 as a temporary mitigation.
read more →

Microsoft fixes three zero-days in busy Patch Tuesday

🔒 Microsoft released updates addressing over 100 CVEs on the first Patch Tuesday of 2026, including three zero-day vulnerabilities. CVE-2026-20805 is an actively exploited information-disclosure flaw in the Desktop Window Manager that can undermine ASLR; CVE-2026-21265 concerns a secure-boot certificate-expiration bypass affecting many devices; CVE-2023-31096 is an elevation-of-privilege in legacy Agere modem drivers that Microsoft is removing. Administrators should prioritize patching, review firmware and UEFI certificates, and audit hardware where updates may require manual acceptance.
read more →

Microsoft January 2026 Patch: 114 Windows Flaws Fixed

🔒 Microsoft released its first security update of 2026 addressing 114 vulnerabilities across Windows, including one actively exploited in the wild. The set includes eight Critical and 106 Important flaws, spanning privilege escalation, information disclosure, and remote code execution issues. Administrators are urged to prioritize the exploited CVE-2026-20805 and VBS-related fixes, and to follow guidance for Secure Boot certificate updates to avoid disruption.
read more →

Critical Node.js bug can crash apps via async_hooks

⚠️ Node.js has released critical updates to address a bug that can force the runtime to exit rather than throw a catchable error when a stack overflow occurs with async_hooks enabled. The defect causes Node.js to terminate with exit code 7, creating a potential Denial-of-Service vector for applications whose recursion is controlled by unsanitized input. A fix is available in Node.js 20.20.0, 22.22.0, 24.13.0, and 25.3.0; older, EOL releases remain vulnerable. Users and maintainers are urged to update promptly.
read more →

January 2026 Patch Tuesday: Microsoft critical fixes

🛡️ Microsoft’s January 2026 Patch Tuesday addresses eight critical vulnerabilities and an actively exploited zero-day, with many high‑score flaws affecting Office and SharePoint. The Desktop Window Manager information-disclosure bug (CVE-2026-20805) is already being exploited and can leak memory to enable follow-on attacks. Other priorities include an RRAS heap overflow (CVE-2026-20868), Secure Boot certificate updates (CVE-2026-21265), and multiple NTFS and WinSock elevation issues. Administrators should accelerate patching, restrict local access, and monitor for suspicious activity.
read more →

Microsoft Jan 2026 Patch Tuesday: 113 Flaws, Zero-Day

🔒 Microsoft released January 2026 security updates addressing 113 vulnerabilities across Windows and supported products, including eight rated Critical. The company confirmed active exploitation of a Desktop Window Manager information disclosure flaw, CVE-2026-20805, which researchers say can be chained to code execution bugs. Other prominent fixes include two Office RCEs exploitable via the Preview Pane, a critical Secure Boot bypass, and removal of legacy modem drivers. Experts urge rapid, risk-based patching and careful BIOS/bootloader preparation.
read more →

MongoBleed (CVE-2025-14847): Critical MongoDB Memory Leak

🔴 On Dec. 19, 2025, MongoDB disclosed MongoBleed (CVE-2025-14847), a critical unauthenticated memory-disclosure in MongoDB Server stemming from handling of zlib-compressed wire messages. An attacker with network access to TCP/27017 can cause the server to return heap memory that may include cleartext credentials, API keys, session tokens, and PII. A public PoC and active exploitation were observed; MongoDB Atlas was auto-patched while self-hosted deployments require immediate manual updates and mitigations such as disabling zlib compression and restricting inbound access.
read more →

Microsoft issues replacement Secure Boot certificates

🔒 Microsoft has begun automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems via Windows Update. The rollout uses high-confidence device targeting and phased signals to ensure only devices with sufficient successful update telemetry receive the new certificates, while administrators can also deploy them using registry keys, WinCS, or Group Policy. Organizations are urged to inventory fleets, verify Secure Boot status, apply firmware updates as needed, and install the certificate updates before existing credentials expire to preserve Secure Boot and pre-boot patching.
read more →

Microsoft Releases Windows 10 KB5073724 ESU Update

🔒 Microsoft released the KB5073724 Extended Security Update for Windows 10, available to Windows 10 Enterprise LTSC and systems enrolled in the ESU program. Install via Settings → Windows Update by performing a manual “Check for Updates”; installs update and raises builds to 19045.6809 (Windows 10) and 19044.6809 (Enterprise LTSC 2021). The update contains only security and bug fixes — including patches for three zero-days, an actively exploited elevation-of-privilege fix in Agere modem drivers, an updated WinSqlite3.dll, and targeted handling for expiring Secure Boot certificates.
read more →

Windows 11 KB5074109 & KB5073455 January 2026 Updates

🛡️ Microsoft released Windows 11 cumulative updates KB5074109 and KB5073455 as the January 2026 Patch Tuesday rollups for 25H2/24H2 and 23H2. The updates are mandatory and advance affected systems to new builds (25H2: 26200.7623 / 24H2: 26100.7462 / 23H2: 226x1.6050), addressing security vulnerabilities, stability fixes, and feature changes. Key fixes include removal of specific legacy modem drivers that will disable dependent hardware, networking repairs for WSL and Azure Virtual Desktop RemoteApp, an NPU idle power fix, an update to WinSqlite3.dll, and a new phased Secure Boot certificate targeting mechanism; Microsoft notes only a minor bug that can hide the password visibility button.
read more →

Microsoft January 2026 Patch Tuesday: 114 Flaws Fixed

🔒Microsoft released its January 2026 Patch Tuesday updates addressing 114 vulnerabilities, including three zero-day flaws and one actively exploited issue. The bulletin patches an actively exploited Desktop Window Manager information disclosure (CVE-2026-20805), renews expiring Secure Boot certificates, and removes legacy Agere modem drivers (agrsm64.sys, agrsm.sys). Eight vulnerabilities are rated Critical, including six remote code execution flaws. Administrators should prioritize these cumulative updates and apply them promptly to reduce exposure.
read more →

Microsoft Patch Tuesday Jan 2026: 112 Fixes and Snort rules

🔒 Microsoft released its January 2026 security updates addressing 112 vulnerabilities across Windows and Office, including eight marked critical. One important issue, CVE-2026-20805, was observed exploited in the wild. Critical flaws include RCEs in LSASS, Word, Excel and Office, plus EoP in the Windows Graphics component and VBS Enclave. Cisco Talos published Snort rules to detect exploitation attempts (Snort 2: 65498, 65499, 65663–65676; Snort 3: 301344, 301368–301374).
read more →

CISA Flags Active Exploitation of Gogs Symlink Flaw

⚠️ CISA has added a high-severity flaw in Gogs to its Known Exploited Vulnerabilities list after active attacks were observed. Tracked as CVE-2025-8110 (CVSS v4.0 8.7), the issue stems from improper handling of symbolic links in the PutContents API and allows authenticated users to overwrite files outside repositories, potentially enabling remote code execution. Wiz reported hundreds of compromises and Censys shows over 1,600 exposed instances; no official patch is yet available, so administrators should apply immediate mitigations such as disabling open registration and restricting access.
read more →

High-severity Broadcom WiFi bug enables 5GHz DoS risk

⚠️ Researchers at Black Duck's Cybersecurity Research Center found a high-severity flaw in Broadcom WiFi chipset software that lets an unauthenticated attacker within radio range disable all clients on the 5 GHz band by sending a single crafted 802.11 frame. The behavior was observed while testing ASUS routers but was traced to Broadcom's chipset code rather than router firmware. Broadcom issued a patched software build to customers and ASUS released firmware updates, although a comprehensive list of affected devices has not been published. Recommended mitigations include segmenting wireless networks, auditing legacy access points, and prioritizing firmware updates based on business criticality.
read more →

Rockwell Automation FactoryTalk DataMosaix SQL Injection

🔒 A SQL injection vulnerability (CVE-2025-12807) in Rockwell Automation's FactoryTalk DataMosaix Private Cloud could allow low-privilege users to perform unauthorized, sensitive database operations through exposed API endpoints. Affected versions include 7.11, 8.00, and 8.01; vendor updates are available. Rockwell Automation and CISA advise updating to Version 8.01.02 or later and applying network isolation and secure remote access mitigations.
read more →

Rockwell Automation 432ES-IG3 Series A DoS Advisory

⚠️ CISA warns of a high-severity denial-of-service vulnerability in Rockwell Automation 432ES-IG3 Series A (CVE-2025-9368) that can render the device unresponsive and requires a manual power cycle to recover. The issue affects firmware V1.001 and has a CVSS v3.1 base score of 7.5 (High). Rockwell Automation has released a firmware update; CISA advises implementing network segmentation, firewalling, and secure remote access while planning the upgrade.
read more →

CISA Adds Microsoft Windows CVE to KEV Catalog - Jan 2026

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-20805, a Microsoft Windows information disclosure issue identified as being actively exploited. This vulnerability type is a common attack vector and presents significant risks to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by prescribed due dates, and CISA strongly urges all organizations to prioritize timely remediation. CISA will continue to update the KEV Catalog as new exploited CVEs meet its criteria.
read more →