
All news with #advisory tag

355 articles

CISA and Partners Urge Hardening of ATG Systems

🔒 The Cybersecurity and Infrastructure Security Agency (CISA), alongside multiple federal partners, warns of malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems used across energy, chemical, food and agriculture, and transportation sectors. The advisory outlines observed tactics—such as authentication bypass, command execution, and privilege escalation—and urges owners to remove ATG devices from public internet exposure, apply patches, enforce strong credentials, and monitor device logs. It also lists reporting contacts and mitigation resources.

Microsoft and researcher clash over disclosure rules

🛡️ Microsoft and a prominent researcher publicly traded barbs after the researcher, going by Nightmare Eclipse, published vulnerabilities he said were ignored; Microsoft countered that those disclosures were irresponsible and increased risk. The exchange included personal accusations, account deletions, and threats, prompting discussion within the security community about disclosure practices. Senior Microsoft staff signaled a review of processes while defenders on both sides highlighted valid concerns about communication, prioritization, and trust.

Microsoft Rebukes Public Zero‑Day Disclosures

🛡️ Microsoft has urged the security research community to follow Coordinated Vulnerability Disclosure (CVD) after a researcher publicly released details and exploit code for multiple Windows zero‑days, including issues in Defender and BitLocker. The company said several disclosed flaws were not shared with Microsoft before publication, exposing customers to unnecessary risk and prompting security teams to work continuously on protections and updates. Some of the disclosed flaws — BlueHammer, RedSun and UnDefend — are reported to be actively exploited in the wild, and vendor actions have included takedowns of the researcher’s GitHub account.

Supply Chain Intrusions Target Developer Tooling

🔒 CISA is addressing multiple software supply chain intrusions that target developer ecosystems, specifically CI/CD pipelines, code extensions, and workflows. A malicious Nx Console VS Code extension (version 18.95.0) exploited a prior compromise of Nx developer systems to access a GitHub employee’s device, leading to unauthorized access and exfiltration of internal repositories and assignment of CVE-2026-48027. The “Megalodon” campaign injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens. CISA urges organizations to detect and remediate potential compromises and implement recommended best practices for package repositories and CI/CD security.

Hard-coded Credentials in USR-W610 Converter Exposed

🔒 The USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter from Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in its firmware. These hard-coded credentials can be extracted through firmware analysis and used to authenticate to device services, enabling potential administrator access. CISA reports no confirmed public exploitation and encourages users to contact the vendor and apply updates where available. Mitigations include network segmentation, firewalling, and using secure remote access methods such as VPNs with current updates.

CP Plus NVR Stored XSS Advisory and Mitigation

📣 A stored Cross-Site Scripting (XSS) vulnerability affects certain CP Plus 8-channel NVR 1xxx series devices due to insufficient input sanitization. Successful exploitation can execute malicious scripts in the browsers of authenticated users and administrators, risking session hijacking, unauthorized actions, and data exposure. CP Plus recommends updating device firmware to the listed version and contacting support for upgrade assistance. CISA also advises network isolation, limiting internet exposure, and following established ICS defensive practices.

ABB EIBPORT XSS Vulnerability and Firmware Patch

🔒 ABB disclosed a cross-site scripting vulnerability in affected ABB EIBPORT firmware versions that can expose session identifiers and allow unauthorized access. A firmware update is available that modifies session and credential handling and hardens product configuration. ABB recommends applying the update promptly and following network segmentation and firewall best practices to reduce exposure.

Microsoft criticizes uncoordinated zero-day disclosures

🛡️ Microsoft has criticized researchers for publicly disclosing six zero-day vulnerabilities before patches were available, calling such actions irresponsible and risky. The company said its security teams are working around the clock to investigate and mitigate issues including privilege escalation and bypass flaws in Defender and BitLocker. Microsoft urged adherence to industry-standard coordinated vulnerability disclosure (CVD) practices, which typically allow a 90-day embargo for patch development. It cautioned that uncoordinated releases can place proof-of-concept exploit code into malicious hands and undermine efforts to protect customers.

ABB B&R Automation Studio: SQLite component vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in affected versions of B&R Automation Studio stemming from an outdated third-party SQLite component. An update to Automation Studio 6.5 corrects these issues and the vendor urges customers to apply the update promptly. The advisory lists numerous memory safety and logic issues (heap overflows, integer overflows, use-after-free, NULL dereferences, improper input validation, and more) that could enable unauthorized access, data exposure, or remote code execution. Customers should follow the product manual to identify versions and install updates, and apply general security recommendations as mitigation.

Microsoft Weighs Patch for YellowKey BitLocker Flaw

🔒 Microsoft is evaluating a patch for a newly disclosed zero-day, YellowKey, which can bypass BitLocker encryption and allow local attackers to read and modify files. The company issued an advisory for CVE-2026-45585 and provided immediate mitigation guidance while a fix is considered. Organizations are urged to limit physical access to vulnerable devices, audit their environments, and strengthen Secure Boot and firmware integrity controls.

Microsoft outlines mitigations for YellowKey zero-day

🛡️ Microsoft has published mitigations for the YellowKey Windows BitLocker zero-day (tracked as CVE-2026-45585) after a public proof-of-concept revealed attackers can place crafted FsTx files on USB or EFI media and boot into WinRE to bypass protections. The company advises removing autofstx.exe from the Session Manager BootExecute value and reestablishing BitLocker trust for WinRE. It also recommends switching devices from TPM-only to TPM+PIN to require a pre-boot PIN. These steps are interim mitigations until a security update is available.

Microsoft: Patch Download Failures in Restricted Networks

🔧 Microsoft warns that Windows Update may fail on restricted networks after installing the January 2026 optional preview updates, producing error code 0x80010002. Affected devices may download the February security update but then fail to retrieve March or later releases via the Windows Update settings. The issue stems from tightened download timeout requirements and does not affect installation capability. Admins can apply Known Issue Rollback (KIR) group policies and restart devices to work around the problem.

Drupal warns of urgent core security release on May 20

⚠️ The Drupal Security Team announced a planned core security release for all supported branches on May 20, 2026, from 5–9 p.m. UTC. Administrators are urged to reserve that window because exploits may emerge within hours or days, and to update to the latest patch for their branch in advance. Patches are expected for 11.3.x, 11.2.x, 10.6.x and 10.5.x, with mitigation guidance and instructions for end-of-life releases included.

Patched Windows Cloud Filter Bug Reappears as Exploit

🔒 Researchers report a six-year-old elevation-of-privilege vulnerability in the Windows Cloud Filter driver cldflt.sys remains exploitable despite a 2020 patch. Nightmare Eclipse reworked a Google Project Zero PoC by James Forshaw into an exploit called MiniPlasma, which can elevate a local user to SYSTEM on many builds. The issue, tracked as CVE-2020-17103, involves undocumented key-creation behavior and is race-dependent; Microsoft declined immediate comment.

Zero-Day Exploit Targets Windows BitLocker TPM Protections

⚠️ A new zero-day called YellowKey, published this week by a researcher using the alias Nightmare-Eclipse, demonstrates a reliable bypass of default Windows 11 BitLocker deployments. The exploit circumvents disk encryption that relies solely on the TPM-stored key and requires physical access to the affected machine. Organizations that mandate BitLocker, including government contractors, should reassess device physical security and BitLocker configuration.

NCSC Guidance: Securing Agentic AI Deployments and Risks

🔒 The UK’s National Cyber Security Centre (NCSC) has published new guidance for organisations considering the adoption of agentic AI, summarising a wider report produced with Five Eyes partners. It flags the heightened risk from agent autonomy and complexity, including excessive access, unpredictable behaviour and actions that can outpace human review. The NCSC advises incremental deployment with tightly bounded pilots, clear ownership, ongoing monitoring and meaningful human oversight, and points organisations to industry best practice such as ETSI EN 304 223.

MiniPlasma Zero-Day Enables SYSTEM Privilege on Windows

🛡️ Chaotic Eclipse has published a proof-of-concept for a Windows privilege escalation zero-day, dubbed MiniPlasma, which targets the Cloud Files Mini Filter Driver (cldflt.sys) in the HsmOsBlockPlaceholderAccess routine. Originally reported to Microsoft in September 2020 and linked to CVE-2020-17103, the researcher says the exact issue remains unpatched. Tests show it can spawn a SYSTEM shell on fully patched Windows 11 systems running May 2026 updates, though success rates vary due to a race condition.

Microsoft: KB5089549 Fails on Devices with Low ESP

⚠️ Microsoft confirmed that the May 2026 Windows 11 cumulative update KB5089549 can fail to install and roll back on systems with limited free space on the EFI System Partition (ESP). Installation may proceed to about 35–36% before aborting with 0x800f0922 errors and the rollback message. Logs show “SpaceCheck: Insufficient free space” and servicing boot file errors. Microsoft advises using Known Issue Rollback or applying a Group Policy in managed environments to mitigate.

Exploit Released for DirtyDecrypt Linux Root Escalation

🔒 A proof-of-concept exploit is available for the recently patched DirtyDecrypt (aka DirtyCBC) local privilege escalation in the Linux kernel's rxgk module, enabling attackers to gain root on systems built with CONFIG_RXGK enabled. The flaw, independently reported by the V12 team on May 9, aligns with CVE-2026-31635, which was patched in late April. The PoC has been tested against Fedora and mainline kernels and mainly affects distributions that track upstream releases, such as Fedora, Arch, and openSUSE Tumbleweed. Users should apply kernel updates or use recommended mitigations until patches are deployed.

MiniPlasma Zero-Day Allows SYSTEM Access on Windows

🔒 A researcher known as Chaotic Eclipse published a proof-of-concept exploit and a compiled executable for a Windows privilege escalation zero-day named MiniPlasma. The researcher says the issue affects the cldflt.sys Cloud Filter driver and an undocumented CfAbortHydration API, and claims the bug traces back to a 2020 report (CVE-2020-17103). BleepingComputer tested the PoC on a fully patched Windows 11 Pro system (May 2026 updates) and reproduced SYSTEM-level access. Microsoft has been contacted for comment.