< ciso
brief />
Tag Banner

All news with #advisory tag

373 articles · page 2 of 19

Microsoft Rebukes Public Zero‑Day Disclosures

🛡️ Microsoft has urged the security research community to follow Coordinated Vulnerability Disclosure (CVD) after a researcher publicly released details and exploit code for multiple Windows zero‑days, including issues in Defender and BitLocker. The company said several disclosed flaws were not shared with Microsoft before publication, exposing customers to unnecessary risk and prompting security teams to work continuously on protections and updates. Some of the disclosed flaws — BlueHammer, RedSun and UnDefend — are reported to be actively exploited in the wild, and vendor actions have included takedowns of the researcher’s GitHub account.
read more →

Microsoft criticizes uncoordinated zero-day disclosures

🛡️ Microsoft has criticized researchers for publicly disclosing six zero-day vulnerabilities before patches were available, calling such actions irresponsible and risky. The company said its security teams are working around the clock to investigate and mitigate issues including privilege escalation and bypass flaws in Defender and BitLocker. Microsoft urged adherence to industry-standard coordinated vulnerability disclosure (CVD) practices, typically allowing a 90-day embargo for patch development. It cautioned that uncoordinated releases can place proof-of-concept exploit code into malicious hands and undermines efforts to protect customers.
read more →

ABB EIBPORT XSS Vulnerability and Firmware Patch

🔒 ABB disclosed a cross-site scripting vulnerability in affected ABB EIBPORT firmware versions that can expose session identifiers and allow unauthorized access. A firmware update is available that modifies session and credential handling and hardens product configuration. ABB recommends applying the update promptly and following network segmentation and firewall best practices to reduce exposure.
read more →

CP Plus NVR Stored XSS Advisory and Mitigation

📣 A stored Cross-Site Scripting (XSS) vulnerability affects certain CP Plus 8-channel NVR 1xxx series devices due to insufficient input sanitization. Successful exploitation can execute malicious scripts in the browsers of authenticated users and administrators, risking session hijacking, unauthorized actions, and data exposure. CP Plus recommends updating device firmware to the listed version and contacting support for upgrade assistance. CISA also advises network isolation, limiting internet exposure, and following established ICS defensive practices.
read more →

Hard-coded Credentials in USR-W610 Converter Exposed

🔒 The USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter from Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in its firmware. These hard-coded credentials can be extracted through firmware analysis and used to authenticate to device services, enabling potential administrator access. CISA reports no confirmed public exploitation and encourages users to contact the vendor and apply updates where available. Mitigations include network segmentation, firewalling, and using secure remote access methods such as VPNs with current updates.
read more →

Supply Chain Intrusions Target Developer Tooling

🔒 CISA is addressing multiple software supply chain intrusions that target developer ecosystems, specifically CI/CD pipelines, code extensions, and workflows. A malicious Nx Console VS Code extension (version 18.95.0) exploited a prior compromise of Nx developer systems to access a GitHub employee’s device, leading to unauthorized access and exfiltration of internal repositories and assignment of CVE-2026-48027. The “Megalodon” campaign injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens. CISA urges organizations to detect and remediate potential compromises and implement recommended best practices for package repositories and CI/CD security.
read more →

ABB B&R Automation Studio: SQLite component vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in affected versions of B&R Automation Studio stemming from an outdated third-party SQLite component. An update to Automation Studio 6.5 corrects these issues and the vendor urges customers to apply the update promptly. The advisory lists numerous memory safety and logic issues (heap overflows, integer overflows, use-after-free, NULL dereferences, improper input validation, and more) that could enable unauthorized access, data exposure, or remote code execution. Customers should follow the product manual to identify versions and install updates, and apply general security recommendations as mitigation.
read more →

Microsoft Weighs Patch for YellowKey BitLocker Flaw

🔒 Microsoft is evaluating a patch for a newly disclosed zero-day, YellowKey, which can bypass BitLocker encryption and allow local attackers to read and modify files. The company issued an advisory for CVE-2026-45585 and provided immediate mitigation guidance while a fix is considered. Organizations are urged to limit physical access to vulnerable devices, audit their environments, and strengthen Secure Boot and firmware integrity controls.
read more →

Microsoft outlines mitigations for YellowKey zero-day

🛡️ Microsoft has published mitigations for the YellowKey Windows BitLocker zero-day (tracked as CVE-2026-45585) after a public proof-of-concept revealed attackers can place crafted FsTx files on USB or EFI media and boot into WinRE to bypass protections. The company advises removing autofstx.exe from the Session Manager BootExecute value and reestablishing BitLocker trust for WinRE. It also recommends switching devices from TPM-only to TPM+PIN to require a pre-boot PIN. These steps are interim mitigations until a security update is available.
read more →

Microsoft: Patch Download Failures in Restricted Networks

🔧 Microsoft warns that Windows Update may fail on restricted networks after installing the January 2026 optional preview updates, producing error code 0x80010002. Affected devices may download the February security update but then fail to retrieve March or later releases via the Windows Update settings. The issue stems from tightened download timeout requirements and does not affect installation capability. Admins can apply Known Issue Rollback (KIR) group policies and restart devices to work around the problem.
read more →

Drupal warns of urgent core security release on May 20

⚠️ The Drupal Security Team announced a planned core security release for all supported branches on May 20, 2026, from 5–9 p.m. UTC. Administrators are urged to reserve that window because exploits may emerge within hours or days, and to update to the latest patch for their branch in advance. Patches are expected for 11.3.x, 11.2.x, 10.6.x and 10.5.x, with mitigation guidance and instructions for end-of-life releases included.
read more →

Patched Windows Cloud Filter Bug Reappears as Exploit

🔒 Researchers report a six-year-old elevation-of-privilege vulnerability in the Windows Cloud Filter driver cldflt.sys remains exploitable despite a 2020 patch. Nightmare Eclipse reworked a Google Project Zero PoC by James Forshaw into an exploit called MiniPlasma, which can elevate a local user to SYSTEM on many builds. The issue, tracked as CVE-2020-17103, involves undocumented key-creation behavior and is race-dependent; Microsoft declined immediate comment.
read more →

Zero-Day Exploit Targets Windows BitLocker TPM Protections

⚠️A new zero-day called YellowKey, published this week by a researcher using the alias Nightmare-Eclipse, demonstrates a reliable bypass of default Windows 11 BitLocker deployments. The exploit circumvents disk encryption that relies solely on the TPM-stored key and requires physical access to the affected machine. Organizations that mandate BitLocker, including government contractors, should reassess device physical security and BitLocker configuration.
read more →

NCSC Guidance: Securing Agentic AI Deployments and Risks

🔒 The UK’s National Cyber Security Centre (NCSC) has published new guidance for organisations considering the adoption of agentic AI, summarising a wider report produced with Five Eyes partners. It flags the heightened risk from agent autonomy and complexity, including excessive access, unpredictable behaviour and actions that can outpace human review. The NCSC advises incremental deployment with tightly bounded pilots, clear ownership, ongoing monitoring and meaningful human oversight, and points organisations to industry best practice such as ETSI EN 304 223.
read more →

MiniPlasma Zero-Day Enables SYSTEM Privilege on Windows

🛡️Chaotic Eclipse has published a proof-of-concept for a Windows privilege escalation zero-day, dubbed MiniPlasma, which targets the Cloud Files Mini Filter Driver (cldflt.sys) in the HsmOsBlockPlaceholderAccess routine. Originally reported to Microsoft in September 2020 and linked to CVE-2020-17103, the researcher says the exact issue remains unpatched. Tests show it can spawn a SYSTEM shell on fully patched Windows 11 systems running May 2026 updates, though success rates vary due to a race condition.
read more →

Microsoft: KB5089549 Fails on Devices with Low ESP

⚠️ Microsoft confirmed that the May 2026 Windows 11 cumulative update KB5089549 can fail to install and roll back on systems with limited free space on the EFI System Partition (ESP). Installation may proceed to about 35–36% before aborting with 0x800f0922 errors and the rollback message. Logs show SpaceCheck: Insufficient free space and servicing boot file errors. Microsoft advises using Known Issue Rollback or applying a Group Policy in managed environments to mitigate.
read more →

Exploit Released for DirtyDecrypt Linux Root Escalation

🔒 A proof-of-concept exploit is available for the recently patched DirtyDecrypt (aka DirtyCBC) local privilege escalation in the Linux kernel's rxgk module, enabling attackers to gain root on systems built with CONFIG_RXGK enabled. The flaw, independently reported by the V12 team on May 9, aligns with CVE-2026-31635, which was patched in late April. The PoC has been tested against Fedora and mainline kernels and mainly affects distributions that track upstream releases, such as Fedora, Arch, and openSUSE Tumbleweed. Users should apply kernel updates or use recommended mitigations until patches are deployed.
read more →

MiniPlasma Zero-Day Allows SYSTEM Access on Windows

🔒 A researcher known as Chaotic Eclipse published a proof-of-concept exploit and a compiled executable for a Windows privilege escalation zero-day named MiniPlasma. The researcher says the issue affects the cldflt.sys Cloud Filter driver and an undocumented CfAbortHydration API, and claims the bug traces back to a 2020 report (CVE-2020-17103). BleepingComputer tested the PoC on a fully patched Windows 11 Pro system (May 2026 updates) and reproduced SYSTEM-level access. Microsoft has been contacted for comment.
read more →

NGINX Heap Overflow CVE-2026-42945 Exploited in the Wild

⚠️ A high-severity heap buffer overflow (CVE-2026-42945, CVSS 9.2) in the ngx_http_rewrite_module of NGINX Plus and NGINX Open (versions 0.6.27–1.30.0) is being exploited in the wild shortly after disclosure. The flaw, reportedly introduced in 2008, can allow unauthenticated attackers to crash worker processes or, when Address Space Layout Randomization (ASLR) is disabled and certain configurations are present, achieve remote code execution. Users are advised to apply F5's fixes and review server configurations urgently.
read more →

Cisco fixes CVE-2026-20182 SD-WAN Controller bypass

🔒 Cisco has released fixes for a maximum-severity authentication bypass in Cisco Catalyst SD-WAN Controller (CVE-2026-20182) that it says has been exploited in limited attacks. The flaw allows a remote unauthenticated attacker to become an authenticated peer and obtain administrative privileges by abusing the peering authentication mechanism. Affected deployments include On-Prem, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP); Cisco urges immediate patching and recommends auditing /var/log/auth.log for suspicious peering or publickey entries.
read more →