
All news with #advisory tag


Emergency cPanel/WHM Update Fixes Critical Auth Bypass

🔒 A critical authentication bypass was identified in cPanel and WHM, prompting an emergency update that requires administrators to run /scripts/upcp --force to install patched builds. Hosting provider Namecheap temporarily blocked ports 2083 and 2087 used by the control panels while vendors issued fixes, underscoring the severity. Systems on unsupported cPanel releases will not receive security updates and should be upgraded immediately.

Critical cPanel Authentication Flaw — Update Immediately

⚠️ cPanel has released urgent security updates to remediate an authentication vulnerability affecting all currently supported versions of its control panel. The vendor issued patched builds (11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5, 11.134.0.20) and advises immediate updating. If you run an unsupported version, cPanel warns you to upgrade as it may also be affected. Hosting provider Namecheap temporarily blocked TCP ports 2083 and 2087 while applying the fixes and is actively deploying the official patches across its servers.

Pack2TheRoot flaw in PackageKit lets local users gain root

⚠️ A newly disclosed vulnerability, dubbed Pack2TheRoot (CVE-2026-41651), permits local Linux users to install or remove system packages and obtain root privileges by abusing the PackageKit daemon. The bug dates back to 2014 and affects PackageKit versions 1.0.2 through 1.3.4; it is resolved in PackageKit 1.3.5. Administrators should upgrade immediately, verify if packagekit is running, and monitor logs for assertion failures or crashes as likely indicators of attempted exploitation.

CISA Adds Four Vulnerabilities to KEV Catalog; Urges Fixes

🚨 CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation: CVE-2024-7399 (Samsung MagicINFO 9 path traversal), CVE-2024-57726 (SimpleHelp missing authorization), CVE-2024-57728 (SimpleHelp path traversal), and CVE-2025-29635 (D-Link DIR-823X command injection). The agency notes these are common attack vectors that present significant risk to the federal enterprise and reminds Federal Civilian Executive Branch agencies of remediation obligations under BOD 22-01. Although that directive applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of standard vulnerability management.

Microsoft: Edge update prevents some Teams meeting joins

⚠️ Microsoft confirmed a recent Microsoft Edge update introduced a regression preventing some Windows users from joining scheduled Microsoft Teams meetings or meetings launched via links. The company advised impacted users to restart the Teams client as a temporary workaround while engineers analyze diagnostic data and monitor recent service changes. Microsoft classified the incident as an advisory and has not disclosed affected regions or user counts.

UK NCSC Urges Businesses to Offer Passkeys by Default

🔐 The UK National Cyber Security Centre now recommends offering passkeys as the default authentication option for consumer accounts, saying passwords are "no longer resilient enough" for modern threats. The agency highlights that FIDO2-based passkeys rely on device-bound cryptographic keys and local verification (biometrics or PINs), making them resistant to phishing and credential reuse. Where passkeys are not yet supported it advises using password managers and strong multi-factor verification, and warns organisations to secure account recovery and fallback processes.

UK warns: Chinese hackers using hijacked device botnets

⚠️ The UK’s National Cyber Security Centre (NCSC-UK), alongside international partners, warns that China‑nexus threat actors are increasingly using large proxy networks of compromised consumer devices to route traffic and evade detection. These covert networks are largely composed of compromised SOHO routers, IoT cameras, DVRs, and NAS devices, and enable traffic to exit near intended targets to defeat geographic and static-IP defenses. Authorities point to large botnets such as Raptor Train (over 260,000 infected devices in 2024) and disrupted operations like KV‑Botnet; defenders are urged to deploy multifactor authentication, map edge devices, consume dynamic threat feeds, use allowlists, and adopt zero-trust and machine certificate verification.

Countering China-Nexus Covert Networks of Edge Devices

🔒 This advisory from CISA and international partners, informed by UK NCSC analysis, describes a tactical shift by China‑nexus actors toward externally provisioned, large‑scale covert networks of compromised edge devices. Such networks—made up of SOHO routers, IoT cameras, NAS units and firewalls—are used for reconnaissance, malware delivery, multi‑hop C2 proxying and data exfiltration. The guidance urges organizations to map and inventory edge assets, baseline normal connections, leverage dynamic threat feeds, and enforce multifactor authentication to reduce exposure and improve detection.

Yadea T5 Electric Bicycle Weak Authentication Risk

🔓 CISA warns that Yadea T5 electric bicycles are affected by a weak authentication vulnerability tracked as CVE-2025-70994. A local attacker who intercepts a legitimate key fob transmission can forge signals to unlock and start the bicycle, enabling theft; CISA assigns a CVSS v3.1 score of 7.3 (High) and notes the issue is not remotely exploitable. Yadea did not respond to coordination efforts; users should secure property with external locks, keep devices updated, and contact vendor support.

Critical Path Traversal in Intrado 911 Emergency Gateway

⚠️ CISA warns of a critical path traversal vulnerability (CVE-2026-6074) in Intrado 911 Emergency Gateway that can expose the EGW management interface to unauthenticated access from an attacker with network access. The flaw enables reading, modifying, or deleting files and has a CVSS v3.1 base score of 9.8. Intrado released an update on March 2, 2026; organizations should apply the vendor patch immediately. Apply CISA guidance to minimize internet exposure and contact E911Support@intrado.com for vendor coordination.

Milesight Cameras: Multiple Critical and High Vulnerabilities

🔒 CISA warns of five vulnerabilities in Milesight camera firmware that can cause device crashes or permit remote code execution. The flaws affect numerous MS-, PM-, TS-, SC-, and SP-series models and include a CRITICAL use-of-default SSL private key (CVE-2026-32644) plus several HIGH-severity issues such as hard-coded credentials and a heap-based buffer overflow. Milesight has released firmware updates; operators should apply the latest PE/PC/PA builds and follow recommended network isolation and secure remote-access practices.

SpiceJet Booking System: Two High-Severity Exposure Flaws

⚠️ CISA reports two high-severity authorization and authentication flaws in SpiceJet Online Booking System (CVE-2026-6375, CVE-2026-6376) that permit unauthenticated disclosure of passenger information. Both issues carry a CVSS 3.1 base score of 7.5 and allow PNR enumeration and full booking retrieval without proper access controls. SpiceJet did not respond to coordination requests; CISA recommends defensive network segmentation and other mitigations.

CISA Warns of FIRESTARTER Targeting Cisco ASA Devices

🔒 CISA published a malware analysis on FIRESTARTER, a backdoor that enables remote access and persistent control of Cisco Firepower and Secure Firewall devices running ASA or FTD software. The report, co-sealed with NCSC-UK, attributes exploitation to an APT using CVE-2025-20333 and CVE-2025-20362. CISA issued Emergency Directive 25-03 requiring FCEB agencies to identify affected devices, collect forensic data, apply vendor updates, and report findings to mitigate ongoing risk.

Advisory: Defending Against China-Nexus Covert Networks

🛡️ CISA and the U.K. NCSC, together with federal and international partners, released an advisory on deniable, dynamic covert networks exploited by Chinese government-linked actors. The advisory outlines how threat groups leverage weak home, small-office, and IoT devices to build large botnets that enable espionage, intrusion, device takeover, and data theft. It provides actionable detection and mitigation steps — including asset mapping, connection baselining, persistent log collection, and multifactor authentication — to help organizations protect critical infrastructure.

CISA Adds Marimo RCE to Known Exploited Vulnerabilities

⚠️ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-39987, a Marimo Remote Code Execution flaw the agency identified as actively exploited. The advisory notes that Remote Code Execution is a common, high-risk attack vector capable of enabling full system compromise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required deadlines, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

Critical Carlson VASCO-B GNSS Receiver Authentication Flaw

⚠️ The Carlson VASCO-B GNSS Receiver contains an authentication bypass that allows unauthenticated network access to device configuration and operational functions. Affected firmware builds are versions prior to 1.4.0 (CVE-2026-3893) and the issue carries a CVSS 3.1 base score of 9.4 (Critical). Carlson Software recommends updating to 1.4.0 or later and restricting network exposure. Follow network segmentation and firewall controls to mitigate exposure until you apply the update.

Anthropic Urges EPSS to Triage AI-Driven Vulnerabilities

🔍 Anthropic warns that its AI vulnerability-discovery system Mythos will sharply increase the pace and volume of software flaws, forcing defenders to prioritize what to fix. The company recommended using the probabilistic EPSS model (developed by Empirical Security and published through FIRST) to triage vulnerabilities—patching CISA’s KEV list first, then addressing CVEs above a chosen EPSS threshold. Empirical Security leaders emphasize that EPSS is machine-driven and already integrated across many vendor products.

Siemens Industrial Edge Management Authentication Bypass

🔒 Siemens has disclosed an authorization bypass vulnerability in Industrial Edge Management that may allow an unauthenticated remote attacker to circumvent authentication and access connected devices using the product's remote connection feature. Tracked as CVE-2026-33892, the flaw has a CVSS v3.1 base score of 7.1 (High). Siemens released patched versions and urges operators to update immediately and restrict network access to affected systems.

Siemens TPM 2.0 Vulnerability (CVE-2025-2884) Advisory

🔒 The Siemens TPM 2.0 reference implementation contains a vulnerability (CVE-2025-2884) in the CryptHmacSign helper that can perform an out‑of‑bounds read because it does not validate the signature scheme against the signature key algorithm. Successful exploitation could result in information disclosure or denial of service of the TPM. Siemens ProductCERT has published fixes for many affected SIMATIC and IPC models and is preparing additional updates; where fixes are not yet available, CISA and Siemens recommend network isolation and other mitigations.

Siemens SINEC NMS UMC Authentication Bypass Vulnerability

⚠️ A vulnerability in Siemens SINEC NMS when used with the User Management Component (UMC) allows an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Tracked as CVE-2026-24032 and scored CVSS v3.1 7.3 (High), the flaw stems from insufficient validation of user identity in the UMC. Siemens released an update; operators should upgrade to V4.0 SP3 or later. Limit network exposure, isolate control networks behind firewalls, and follow Siemens' industrial security guidance when applying fixes.