All news with #advisory tag

Multiple critical vulnerabilities in SenseLive X3050 devices

⚠️ The CISA advisory reports multiple high-severity vulnerabilities in SenseLive X3050 (V1.523) that can allow an attacker on the network to bypass authentication, obtain administrative access, and perform unauthorized firmware operations. Affected issues include hard-coded credentials, missing authentication and authorization, insufficient session handling, cleartext management traffic, CSRF, and unsafe configuration controls that may destabilize device operation. CISA notes no known public exploitation to date; administrators should reduce exposure and contact the vendor.

Siemens Analytics Toolkit: Certificate Validation Flaw

🔒 Multiple Siemens analytics applications are affected by improper certificate validation in the Siemens Analytics Toolkit, which could allow an unauthenticated remote attacker to conduct man-in-the-middle (MITM) attacks. Affected products include Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge, and Tecnomatix Plant Simulation. Siemens has released vendor fixes; CISA and Siemens recommend applying the updates immediately, minimizing network exposure, and following operational security guidance to isolate control system networks and secure remote access.

Siemens RUGGEDCOM CROSSBOW SAC: SQLite Vulnerability

⚠️ Siemens reports a vulnerability in RUGGEDCOM CROSSBOW Station Access Controller (SAC) that can lead to memory corruption, denial of service, or possible arbitrary code execution. The issue is tied to a numeric truncation error in older SQLite releases (prior to 3.50.2) and is tracked as CVE-2025-6965. Siemens recommends updating SAC to V5.8 or later and ensuring SQLite is at least version 3.50.2 to mitigate the risk.

Siemens SINEC NMS Authorization Bypass Vulnerability

⚠️ Siemens ProductCERT reports an authorization bypass in SINEC NMS prior to V4.0 SP3 that permits an authenticated attacker to reset the password of any user account. The vulnerability arises from improper validation of authorization when processing password reset requests. Siemens has released V4.0 SP3 to remediate the flaw, and CISA has republished the vendor advisory. Until systems are updated, organizations should apply network restrictions, isolate control networks, and require secure remote access.

Actively Exploited Apache ActiveMQ Flaw Impacts 6,400 Servers

🔐 Shadowserver reported that over 6,400 publicly exposed Apache ActiveMQ servers are vulnerable to an actively exploited code injection bug tracked as CVE-2026-34197. The 13-year-old flaw, discovered by Horizon3 researcher Naveen Sunkavally with the help of the Claude AI assistant, permits authenticated actors to execute arbitrary code. Apache issued patches on March 30 in ActiveMQ Classic 6.2.3 and 5.19.4, and CISA has warned of in-the-wild exploitation and ordered federal agencies to secure affected systems.

Google Patches Antigravity IDE Prompt Injection Flaw

🛡️ Google has patched a critical prompt-injection vulnerability in its agentic IDE Antigravity that could allow attackers to achieve arbitrary code execution. Researchers at Pillar Security found that the find_by_name tool passed unsanitized input to the native fd search utility, enabling injection of the -X (exec-batch) flag to run staged scripts. Because this call executes before Strict Mode constraints are applied, an attacker can stage a malicious file and trigger it via a crafted search pattern. The issue was disclosed January 7 and fixed by Google on February 28.

CISA Adds Eight Vulnerabilities to KEV Catalog After Exploitation

⚠️ CISA added eight vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog after observed active exploitation. The additions include flaws affecting PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE SMA, Synacor Zimbra, and multiple issues in Cisco Catalyst SD-WAN Manager. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by the prescribed due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

Supply Chain Compromise Affects Axios npm Packages

⚠️ CISA alerts organizations to a software supply chain compromise impacting the Axios npm package. On March 31, 2026, axios@1.14.1 and axios@0.30.4 introduced a malicious dependency plain-crypto-js@4.2.1 that fetches multi-stage payloads, including a remote access trojan. The agency recommends detection and remediation steps such as downgrading to axios@1.14.0 or axios@0.30.3, removing node_modules/plain-crypto-js/, rotating exposed credentials, hardening npm configuration (set ignore-scripts=true and min-release-age=7), and conducting EDR hunts and network monitoring to confirm no remaining indicators of compromise.

ThreatsDay: Defender 0-Day, Excel RCE and Supply Chain Risks

🛡️ This week's bulletin highlights both legacy and emerging threats, including a published Microsoft Defender privilege escalation exploit (RedSun) and a 17-year-old Excel RCE (CVE-2009-0238) newly added to CISA's KEV. Incidents range from a Zerion hot-wallet compromise (~$100K stolen through AI-enabled social engineering) to a fake macOS Ledger app that drained about $9.5M. Researchers also disclosed novel C2 frameworks, a WordPress plugin supply-chain backdoor affecting 180k+ installs, and a surge in SonicWall/FortiGate brute-force probing. The collection underscores the need to patch promptly, validate app-store integrity, rotate credentials, and audit third-party dependencies.

Critical Weak Password Issue in Horner Automation PLCs

🔒 Horner Automation products contain a weak-password vulnerability (CVE-2026-6284) that allows network attackers to brute-force credentials and gain unauthorized access to PLC systems and services. Affected versions include Cscape v10.0, XL7 v15.60, and XL4 v16.32.0. The vulnerability is scored CVSS 3.1 9.1 (Critical) and is associated with CWE-521: Weak Password Requirements. Horner has released fixes—update to Cscape v10.2 SP2 and the latest XL4/XL7 firmware—and operators should minimize network exposure and use secure remote access.

Critical Missing Authorization in AVEVA Pipeline Simulation

🔒 A critical authorization vulnerability (CVE-2026-5387) in AVEVA Pipeline Simulation allows an unauthenticated actor to perform actions reserved for Simulator Instructor or Developer roles, with the potential to modify simulation parameters, training configuration, and training records. Affected versions are <=2025_SP1_build_7.1.9497.6351. AVEVA provides a fix: upgrade to 2025 SP1 P01 (build 7.1.9580.8513) or later; interim mitigations include restricting API network access and enforcing TLS.

Delta ASDA-Soft Stack Buffer Overflow Vulnerability

⚠️ CISA warns of a stack-based buffer overflow (CVE-2026-5726) in Delta Electronics ASDA-Soft affecting versions <=V7.2.2.0 that can enable arbitrary code execution when a specially crafted .par file is parsed. The flaw is rated High (CVSS 3.1 base score 7.8) and requires local access or user interaction to trigger. Delta advises upgrading to ASDA-Soft v7.2.6.0 or later and following network isolation and defense-in-depth practices.

Critical Vulnerabilities in Anviz CX Series & CrossChex

⚠️ CISA published an advisory describing multiple critical vulnerabilities in Anviz products, including CX2 Lite, CX7, and CrossChex Standard. Issues range from unauthenticated firmware uploads and command injection to credential exposure and cleartext administrative sessions, any of which can lead to remote code execution and full device compromise. The advisory lists numerous CVEs with example CVSS up to 9.8 and notes no vendor response; organizations are urged to isolate affected devices and apply defensive mitigations immediately.

CISA Adds Apache ActiveMQ CVE to KEV Catalog (Apr 2026)

⚠️ CISA added CVE-2026-34197 — an Apache ActiveMQ improper input validation vulnerability — to the KEV Catalog after evidence of active exploitation. The advisory notes this vulnerability type is a frequent attack vector and poses significant risk to the federal enterprise. CISA reminds Federal Civilian Executive Branch agencies to follow BOD 22-01 remediation deadlines and strongly urges all organizations to prioritize timely mitigation.

CISA Adds Two Exploited Microsoft Vulnerabilities to KEV

🛡️ CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2009-0238, a Microsoft Office remote code execution flaw, and CVE-2026-32201, an improper input validation vulnerability in Microsoft SharePoint Server. The additions reflect evidence of active exploitation. Under BOD 22-01 FCEB agencies must remediate cataloged CVEs by the due date; CISA urges all organizations to prioritize remediation.

AISI Urges Cybersecurity Basics After Mythos Test Guidance

🔐 The UK's AI Security Institute (AISI) evaluated Anthropic's Claude Mythos Preview and found it can autonomously discover and exploit vulnerabilities in controlled tests when given network access. In a 32-step simulated corporate attack, the model completed the full sequence in 3 of 10 runs and averaged 22 of 32 steps, though performance varied. AISI stresses that these cyber ranges are easier than real environments and recommended that organisations strengthen the basics (timely patching, robust access controls, secure configuration and comprehensive logging) while also exploring AI to bolster defensive capabilities.

CISA Adds Six Actively Exploited Flaws in Major Software

🛡️ CISA on Apr 14, 2026 added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation. The flaws affect Fortinet FortiClient EMS, Microsoft components (Exchange Server, Windows drivers, Host Process for Windows Tasks, VBA) and Adobe Acrobat Reader, and include SQL injection, deserialization, out-of-bounds read, use-after-free and insecure library loading. Federal civilian agencies must remediate by April 27, 2026.

Hungarian government email passwords exposed before election

🔐 An analysis by Bellingcat found passwords for almost 800 Hungarian government email accounts circulating online, many tied to national-security roles. The exposure affected 12 of 13 government departments and involved weak, easily guessed credentials such as variations of "Password", sequences like "1234567", and simple surnames. The leaks reflect poor email hygiene rather than a sophisticated intrusion, and experts urge stronger credential practices, including password managers and passkeys. Security teams are urged to deploy enterprise controls and regular training to prevent similar exposures.

Attackers Exploiting Adobe Reader Zero-Day Since December

⚠️ Haifei Li has identified a zero-day vulnerability in Adobe Reader that has been exploited since at least December via maliciously crafted PDFs. The attack uses a highly sophisticated, fingerprinting-style exploit that can harvest local data using Acrobat APIs and may enable follow-on RCE or sandbox escape with no user interaction beyond opening the file. Li urges users to avoid PDFs from untrusted sources and to monitor network traffic for the Adobe Synchronizer User-Agent string as a temporary mitigation.

Mitsubishi Electric GENESIS64 and ICONICS Suite Fixes

🔒 CISA reports two high-severity vulnerabilities (CVE-2025-14815, CVE-2025-14816) in Mitsubishi Electric GENESIS64, ICONICS Suite, and related products that may expose SQL Server credentials stored in local caches or displayed in the Hyper Historian Splitter GUI. Successful exploitation could enable disclosure, tampering, or denial of service on affected systems. Vendor updates are available (10.98+ for GENESIS64/ICONICS products and 11.03+ for GENESIS); administrators should disable the local cache, delete cache files, prefer Windows authentication, and restrict administrative and remote access until patches are applied.