< ciso brief />

All news with #advisory tag


Weekly Recap: Password Manager Clickjacking Flaws and Threats

🔒 This week's recap spotlights a DOM-based extension clickjacking technique disclosed by researcher Marek Tóth at DEF CON that affects popular browser password manager plugins. Vendors including Bitwarden, Dashlane, Enpass, KeePassXC-Browser, Keeper, LastPass, NordPass, ProtonPass, and RoboForm issued fixes by August 22. Other leading stories cover legacy Cisco devices exploited for persistent access, an actively exploited Apple 0-day in ImageIO, cloud intrusions leveraging trusted partner relationships, and several high-risk CVEs to prioritize.

CISA Adds Three New Vulnerabilities to KEV Catalog

⚠️ CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025: CVE-2024-8069 and CVE-2024-8068 affecting Citrix Session Recording, and CVE-2025-48384, a Git link following vulnerability. CISA states these defects are supported by evidence of active exploitation and represent frequent attack vectors that pose significant risk to the federal enterprise. While BOD 22-01 binds Federal Civilian Executive Branch agencies to remediate listed CVEs by the required due dates, CISA urges all organizations to prioritize timely remediation and incorporate these entries into vulnerability management workflows.

CISA Releases Three Industrial Control Systems Advisories

🔔 CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025, detailing vulnerabilities and potential exploits affecting products from Mitsubishi Electric and FUJIFILM. The notices cover MELSEC iQ-F Series CPU Module, Mitsubishi Electric air conditioning systems (Update A), and Synapse Mobility. Each advisory includes technical details and recommended mitigations. CISA urges administrators and asset owners to review and apply the guidance promptly.

CISA Issues Four New Industrial Control Systems Advisories

🛡️ CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting vulnerabilities and potential exploits that could affect operational technology environments. The advisories—ICSA-25-231-01 (Siemens Desigo CC Product Family and SENTRON Powermanager), ICSA-25-231-02 (Siemens Mendix SAML Module), ICSA-25-217-02 (Tigo Energy Cloud Connect Advanced, Update A), and ICSA-25-219-07 (EG4 Electronics EG4 Inverters, Update A)—include technical details and recommended mitigations. Users and administrators are urged to review the advisories and apply vendor guidance and mitigations promptly to reduce exposure.

Talos Discloses Multiple WWBN, MedDream, ThreadX Flaws

🔒 Cisco Talos disclosed multiple vulnerabilities across WWBN AVideo, MedDream PACS Premium, and the Eclipse ThreadX FileX component. The issues include several reflected and stored XSS flaws, a race condition and incomplete blacklist handling in AVideo that can be chained to achieve arbitrary code execution, privilege escalation and credential exposure in MedDream, and a RAM-disk buffer overflow in FileX that can lead to remote code execution on embedded devices. All affected vendors issued patches per Cisco’s disclosure policy, and Talos advises deploying vendor fixes and using Snort rule updates and Talos advisories for detection and mitigation guidance.

CISA Alerts on Severe Microsoft Exchange Vulnerability

⚠️ CISA issued an alert on a high-severity vulnerability affecting on-premises Microsoft Exchange servers disclosed today. The agency is actively monitoring the situation and coordinating mitigation with Microsoft and with government and industry partners to assess scope and impact. Organizations are strongly urged to implement Microsoft's guidance immediately to reduce risk and protect critical infrastructure.

MSRC 2025 Q2 Security Researcher Leaderboard Top Picks

🏆 Congratulations to the researchers recognized on the MSRC 2025 Q2 Leaderboard. The top three overall are wkai, Brad Schlintz (nmdhkr), and 0x140ce, with category leaders across Azure, Office, Windows, and Dynamics. The leaderboard reflects assessments completed April 1–June 30, 2025, and includes cases submitted earlier but assessed in Q2. MSRC also notes that Researcher Recognition points are now visible in the researcher portal to improve transparency.