All news with #advisory tag

🔔 CISA released one Industrial Control Systems advisory on September 25, 2025 addressing Dingtian DT-R002. The advisory, ICSA-25-268-01, provides technical details on identified vulnerabilities and recommended mitigations for affected ICS devices. Administrators and operators are encouraged to review the advisory promptly and apply mitigations to reduce operational risk. This product is provided subject to CISA's Notification and Privacy & Use policies.

🛡️ Cisco released security updates addressing a high-severity zero-day, tracked as CVE-2025-20352, in IOS and IOS XE. The flaw is a stack-based buffer overflow in the SNMP subsystem that allows authenticated remote attackers with low privileges to trigger DoS, and high-privileged actors to execute code as root on affected devices. Cisco reports exploitation in the wild after Administrator credentials were compromised and urges customers to upgrade; as a temporary mitigation it recommends limiting SNMP access to trusted users.

⚠️ Libraesva has released an urgent update to address a command injection vulnerability in its ESG email security product that is being exploited by state‑sponsored actors. Tracked as CVE-2025-59689 with a CVSS score of 6.1, the flaw is triggered by a malicious compressed attachment and can execute arbitrary commands as a non‑privileged user. Users should upgrade affected versions (4.5–5.5.x before 5.5.7) to the patched releases immediately.

🔒 GitHub is implementing stronger defenses for the npm ecosystem after recent supply-chain attacks that compromised repositories and spread to package registries. The platform will require 2FA for local publishing, shorten token lifetimes to seven days, deprecate classic tokens and TOTP in favor of FIDO/WebAuth, and promote trusted publishing. Changes will roll out gradually with documentation and migration guides to reduce disruption.

🔔 CISA released six Industrial Control Systems (ICS) advisories on September 23, 2025, providing timely information on security issues, vulnerabilities, and potential exploits across multiple product families. The advisories cover AutomationDirect CLICK PLUS, Mitsubishi Electric MELSEC‑Q Series CPU Module, Schneider Electric SESU, Viessmann Vitogate 300, and two updates for Hitachi Energy RTU500 Series. Users and administrators are urged to review each advisory for technical details and apply recommended mitigations promptly.

🔒 SonicWall has disclosed a security incident affecting its cloud backup service for firewalls, reporting that threat actors accessed stored preference files for roughly 5% of its install base. While credentials inside those files are encrypted, exposed metadata such as serial numbers could enable future targeting. SonicWall said this was not a ransomware event but a series of brute-force attempts. Impacted customers are asked to check MySonicWall, restrict WAN access, follow the vendor's remediation checklist, and import a supplied preferences file that randomizes local passwords and IPSec keys.

⚠️ Westermo disclosed an OS command injection vulnerability in WeOS 5 (CVE-2025-46418) affecting versions 5.24 and later. The flaw arises from unsafe handling of media definitions and can allow an authenticated administrator to inject OS commands and potentially exceed intended privileges. CVSS scores include 7.6 (v3.1) and 8.7 (v4). Vendor and CISA recommend restricting admin access, segmenting networks, and using secure remote access practices as mitigations.

🛡️ CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025, detailing vulnerabilities, exploits, and mitigations affecting multiple vendors and products. The advisories cover Westermo WeOS, Schneider Electric Saitel RTUs, Hitachi Energy Asset and Service Suites, Cognex In‑Sight devices, Dover Fueling Solutions ProGauge MagLink LX4 devices, plus updates for rail linking protocols and Mitsubishi FA engineering tools. Administrators and operators are urged to review the technical details and apply recommended mitigations promptly to reduce operational and safety risk.

🔒 Amazon RDS for MySQL now supports the Extended Support minor release 5.7.44-RDS.20250818, and AWS recommends upgrading to this build to address known security vulnerabilities and bug fixes in earlier 5.7 releases. Extended Support provides up to three additional years of critical security and bug fixes after a major community end-of-support date. This coverage applies to MySQL databases running on both RDS and Aurora, and administrators can create or update instances in the Amazon RDS Management Console; see the Amazon RDS User Guide for upgrade details.

🔒 CISA republished an advisory describing a Siemens-reported OpenSSL bug (CVE-2022-0778) that can cause an infinite loop during certificate parsing in many Siemens products. The issue affects multiple product families and has a CVSS v3.1 base score of 7.5, allowing remote denial-of-service with low attack complexity. Siemens has published firmware and software updates and recommends applying vendor updates, restricting network access to affected interfaces, and following product hardening guidance where fixes are not yet available.

🔒 Siemens ProductCERT disclosed multiple high-severity vulnerabilities affecting devices that use Apache HTTP Server components, including RUGGEDCOM, SINEC NMS, and SINEMA. CVE-2021-34798, CVE-2021-39275, and CVE-2021-40438 carry CVSSv3 scores up to 9.8 and can be exploited remotely with low attack complexity. Siemens has published updates for some products (for example, SINEC NMS V1.0.3 and SINEMA Remote Connect Server V3.1), while other platforms currently have no fix planned. CISA advises restricting access to affected systems and following Siemens ProductCERT guidance.

🔔 CISA released eight Industrial Control Systems advisories on September 16, 2025, providing technical descriptions of vulnerabilities and vendor mitigations. The advisories affect products from Schneider Electric, Hitachi Energy, Siemens, and Delta Electronics, and include issues ranging from OpenSSL-related flaws to product-specific defects. One advisory is an update for Galaxy VS/VL/VXL (ICSA-25-140-07 Update A). Administrators are urged to review the advisories and apply recommended mitigations promptly to reduce operational risk.

⚠️ Researchers at ETH Zürich and Google disclosed a RowHammer variant named Phoenix (CVE-2025-6202) that reliably induces bit flips on SK Hynix DDR5 devices and bypasses on-die ECC and advanced TRR protections. The team demonstrated an end-to-end privilege escalation on a production desktop with default DDR5 settings in as little as 109 seconds. Phoenix takes advantage of refresh intervals that mitigation logic does not sample, enabling flips across DIMM stacks produced between 2021 and 2024. Because DRAM chips cannot be updated in the field, the researchers recommend increasing the DRAM refresh rate to 3× as an immediate mitigation and urge vendors to pursue firmware and hardware countermeasures.

🔒 Apple published iOS 26, iPadOS 26 and macOS 26 updates that patch multiple vulnerabilities but did not report active exploitation. The releases address 27 defects in iOS/iPadOS and 77 in macOS, and also include fixes across Safari, watchOS, visionOS and Xcode. Users who prefer not to upgrade to the year-numbered releases can apply security-only updates — iOS 18.7, iPadOS 18.7 or macOS 15.7 — while many devices from 2019 or earlier are not supported. Trend Micro’s Dustin Childs said he saw no sign of active exploitation in this batch, though macOS fixes for PackageKit and StorageKit are notable because exploitation could yield root privileges.

⚠ A critical remote code execution flaw, CVE-2025-5086, has been observed being exploited in the wild against Delmia Apriso, Dassault Systèmes' manufacturing operations platform. CISA added the issue to its Known Exploited Vulnerabilities catalog with a CVSS score of 9.0, yet the vendor has provided minimal public guidance. Researchers report exploit scans and a circulating sample that was detected by only one AV engine, underscoring urgent patching challenges for manufacturers.

⚠️ Microsoft has warned that Exchange Server 2016 and Exchange Server 2019 will reach end of extended support on October 14, 2025. After that date Microsoft will stop providing technical support, including bug fixes, time zone updates, and security patches, which could increase exposure to vulnerabilities. Administrators are advised to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition, with documented migration and upgrade paths available.

⚠️ CISA added a critical deserialization vulnerability, CVE-2025-5086, affecting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) releases 2020–2025 to its KEV catalog following evidence of active exploitation. The flaw can allow remote code execution via the /apriso/WebServices/FlexNetOperationsService.svc/Invoke endpoint when attackers send a Base64 payload that decodes to a GZIP-compressed Windows DLL. Observed attacks delivered a DLL identified by Kaspersky as Trojan.MSIL.Zapchast.gen, capable of spying and exfiltrating data. FCEB agencies are urged to apply updates by October 2, 2025, to secure their networks.

🚨 The Australian Cyber Security Centre has observed increased exploitation of SonicWall SSL VPNs by the Akira ransomware group, leveraging CVE-2024-40766. The vulnerability, patched over a year ago, affects SonicWall Gen 5 and Gen 6 appliances and Gen 7 devices running SonicOS 7.0.1-5035 and earlier. Organisations remain at risk if they did not both install firmware updates and immediately rotate administrative credentials after migration. Security vendors Rapid7 and Recorded Future report automated intrusions tied to this issue; operators are advised to patch, reset passwords, restrict VPN access and enable robust MFA.

🔒CISA reaffirms federal leadership of the CVE Program, arguing that a neutral, government steward is essential to preserve trust and national security. The agency ties the program to operational initiatives such as the Known Exploited Vulnerabilities (KEV) Catalog and warns that privatization or fragmentation would erode reliability and increase risk. CISA outlines a shift from a 'Growth Era' to a 'Quality Era' focused on improving completeness, accuracy, timeliness, governance, and sustainable infrastructure, and invites practitioners, industry, and international partners to help shape the program's future.

🔔 CISA released fourteen Industrial Control Systems (ICS) advisories on September 9, 2025, providing timely information on security issues, vulnerabilities, and potential exploits affecting critical industrial products. The set includes advisories for Rockwell Automation (ThinManager, Stratix IOS, FactoryTalk families, CompactLogix, ControlLogix, Analytics LogixAI, 1783-NATR), Mitsubishi Electric, Schneider Electric, ABB, and others. Administrators are urged to review the advisories for technical details, CVE references, and recommended mitigations, and to prioritize patching, configuration changes, and compensating controls to reduce operational risk.