< ciso brief />

All news with #advisory tag

355 articles · page 5 of 18

CISA Adds New KEV Entry for Fortinet FortiClient EMS

⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-35616, an Improper Access Control flaw affecting Fortinet FortiClient EMS. The agency reports evidence of active exploitation and highlights that this vulnerability class is a common attack vector posing significant risks to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by their due dates, and CISA urges all organizations to prioritize timely remediation.

Cisco fixes critical IMC auth bypass in many devices

🔒 Cisco has released patches for a critical authentication bypass in its Integrated Management Controller (IMC), tracked as CVE-2026-20093. The flaw, caused by incorrect handling of password changes, can be exploited via specially crafted HTTP requests to gain unauthenticated admin access. Affected platforms include standalone UCS C-Series, UCS E-Series, Catalyst 8300, and 5000 Series systems. Administrators should apply updates and restrict IMC exposure immediately.

ThreatsDay Bulletin: Pre-auth Chains and Supply-Chain Risks

📰 The ThreatsDay Bulletin highlights immediate, actionable risks including a pre-auth RCE chain in Progress ShareFile (CVE-2026-2699/CVE-2026-2701), unpatched ImageMagick zero-days enabling RCE, and novel CloudTrail evasion techniques that erase forensic visibility. It also details widespread mobile-rootkit campaigns, a sharp rise in open-source and supply-chain malware advisories, and phishing apps abusing distribution services to harvest credentials. Defenders should prioritize patching, sandboxing ingest pipelines, and hunting for signs of chained low-and-slow techniques and suspicious AWS API activity.

Microsoft Links Classic Outlook Bug to Email Delivery Issues

📧 Microsoft is investigating a known issue that prevents some Classic Outlook users from sending messages via Outlook.com, causing non-delivery reports that indicate permission errors (0x80070005-0x0004dc-0x000524). The problem is more likely when the Outlook.com account is an Outlook profile linked to another Exchange account or when an Exchange Online mail contact shares the same SMTP address. Microsoft published temporary workarounds — remove the M365 account Address Book, hide the Outlook.com contact in the Global Address List, create a fresh Classic profile with only the affected account, or use the New Outlook client or webmail until a permanent fix is deployed.

OpenCode OC Messaging & USSD Gateway Vulnerability

⚠️ OpenCode Systems' OC Messaging and USSD Gateway version 6.32.2 contain an improper access control vulnerability (CVE-2025-70614, CVSS 3.1 Base Score 8.1) that can allow an authenticated low-privileged user to access SMS messages outside their tenant by providing a crafted company/tenant identifier. OpenCode released version 6.33.11 on 2026-01-06 to remediate the issue. Administrators should upgrade affected systems to 6.33.11 or later and limit network exposure of messaging gateways.

CISA Adds One Vulnerability to Known Exploited Catalog

⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-33634, an Aqua Security Trivy issue involving embedded malicious code that CISA reports is being actively exploited. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates; CISA urges all organizations to prioritize timely patching and mitigation. CISA will continue to update the catalog as new evidence of exploitation emerges.

PTC Windchill and FlexPLM Critical Remote Code Execution

⚠️ CISA reports a critical remote code execution vulnerability (CVE-2026-4681) affecting PTC Windchill and FlexPLM, with a CVSS v3.1 base score of 10.0. The issue stems from deserialization of untrusted data (CWE-94) and could allow unauthenticated attackers to run arbitrary code. PTC is developing a patch and advises immediate application of documented workarounds and updated Apache or IIS configurations to protect public, file, and replica servers.

CISA Adds Langflow Code Injection to KEV Catalog Entry

⚠️ CISA has added CVE-2026-33017 — a Langflow code injection vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the specified due dates. CISA urges all organizations to prioritize timely remediation to reduce exposure to active threats.

PyPI Warns After LiteLLM Packages Steal Cloud Secrets

⚠️ PyPI warned developers after two malicious releases of the Python LLM middleware LiteLLM were briefly posted, potentially exposing any credentials accessible to the package environment. Sonatype and Wiz analyses describe a three-stage, obfuscated payload that harvested environment variables, cloud and CI/CD credentials, SSH keys, and other sensitive artifacts, encrypting stolen data before exfiltration. PyPI linked the uploads to an exploited Trivy dependency in the ongoing TeamPCP supply-chain campaign and urged users to revoke or rotate secrets that may have been exposed.

PTC warns of imminent RCE threat in Windchill, FlexPLM

⚠️ PTC has alerted customers to a critical vulnerability (CVE-2026-4681) in Windchill and FlexPLM that could enable remote code execution via deserialization of untrusted data. German authorities (BKA) have taken emergency action to warn organizations, citing an imminent threat. Patches are under development, and PTC published an Apache/IIS rule mitigation that denies access to the affected servlet path without breaking functionality. The vendor also released IoCs and detection guidance; if mitigation is not possible, prioritize disconnecting internet-facing instances or shutting down the service.

Citrix urges immediate patching for NetScaler flaws

⚠️ Citrix has released a security bulletin for NetScaler ADC and NetScaler Gateway addressing two vulnerabilities: CVE-2026-3055 (critical out-of-bounds read, CVSS 9.3) and CVE-2026-4368 (race condition, CVSS 7.7). The issues affect customer-managed appliances with specific SAML IDP or Gateway/AAA configurations rather than default installs or Citrix-managed cloud instances. Cloud Software Group recommends immediate installation of the vendor-published patches and notes a temporary Global Deny List mitigation available for select 14.1 builds while upgrades are scheduled.

Apple Warns Older iPhones Vulnerable to Web Exploit Kits

🔒 Apple is urging users on older versions of iOS to update immediately after reporting that web-based exploit kits such as Coruna and DarkSword have been used to deliver data-stealing malware via compromised sites. Apple says devices running the latest releases (iOS 15 through 26) are not affected, and has released targeted patches for legacy hardware. For devices that cannot be updated, Apple recommends specific interim updates and enabling Lockdown Mode to reduce exposure.

CISA Warns to Harden Endpoint Management After Intune Attack

🔒 CISA is urging IT and security leaders to harden endpoint management configurations after pro-Iranian group Handala reportedly abused Microsoft Intune in a March 11 attack on Stryker that disrupted operations and enabled remote wipes. The guidance emphasizes least-privilege administrative roles, phishing-resistant MFA, privileged access hygiene, and multi-admin approval for destructive actions. Although focused on Intune, CISA says these defensive principles apply to any UEM. Organizations should audit admin access, require multi-party approvals, and continuously monitor privileged activity.

PolyShell flaw allows unauthenticated RCE in Magento

⚠ A newly disclosed vulnerability called PolyShell affects all Magento Open Source and Adobe Commerce version 2 installations, enabling unauthenticated code execution and potential account takeover. Adobe has issued a fix only in the 2.4.9 alpha, leaving production sites exposed. Sansec warns the exploit method is already circulating and urges admins to restrict access to pub/media/custom_options/, verify nginx/Apache rules, and scan for uploaded shells or backdoors.

CISA Alerts: Zimbra, SharePoint Flaws Actively Exploited

⚠ CISA has urged federal agencies to apply patches for two actively exploited vulnerabilities affecting Synacor Zimbra Collaboration Suite and Microsoft Office SharePoint. Zimbra's Classic UI suffered a stored XSS (CVE-2025-66376) patched in versions 10.0.18 and 10.1.13 in November 2025, while SharePoint had a deserialization RCE (CVE-2026-20963) fixed in January 2026. CISA set FCEB patching deadlines and reported no public attribution or scale; separately, Amazon detailed exploitation of a Cisco firewall-management zero-day (CVE-2026-20131) by the Interlock ransomware group.

CISA Orders Federal Patch for Zimbra XSS Flaw Exploited

⚠️ CISA has ordered Federal Civilian Executive Branch agencies to remediate an actively exploited stored cross-site scripting vulnerability in the Zimbra Collaboration Suite, tracked as CVE-2025-66376. The flaw in the Classic UI can be abused via CSS @import directives in HTML emails by remote, unauthenticated attackers to execute arbitrary JavaScript, risking session hijack and data exfiltration. Agencies were given until April 1 under BOD 22-01, and all organizations are urged to apply vendor patches or available mitigations immediately.

ConnectWise fixes ScreenConnect signature flaw, critical

🔒 ConnectWise warned customers about a critical cryptographic signature verification bug in ScreenConnect (tracked as CVE-2026-3564) that affects versions prior to 26.1 and can enable unauthorized session authentication and privilege escalation. The vulnerability allows attackers who obtain ASP.NET machine key material to generate or modify protected values the server will accept, potentially resulting in hijacked sessions and elevated access. ConnectWise patched the issue in ScreenConnect 26.1 by adding encrypted storage and improved handling for machine keys; cloud-hosted instances were auto-upgraded while on-premises administrators must upgrade immediately. The vendor reported observed attempts to abuse disclosed machine key material in the wild but has no confirmed evidence of exploitation against ConnectWise-hosted instances and urges responsible disclosure of active findings.

BSI Criticizes Healthcare Software Security Practices

🔒 The Federal Office for Information Security (BSI) has warned that software used in medical practices, clinics and long-term care needs stronger protections to safeguard sensitive patient data. In tests of standard configurations, the agency described the IT security of healthcare software as in need of improvement, finding chains of vulnerabilities in three of four representative practice management systems that could be exploited from the Internet. Outdated encryption algorithms were specifically cited; manufacturers were informed and issued timely fixes.

CrackArmor: AppArmor Linux Flaws Allow Local Root Access

🛡️ Qualys TRU has disclosed 'CrackArmor,' a set of nine AppArmor vulnerabilities present since Linux kernel 4.11 (2017). These AppArmor flaws allow local, unprivileged users to manipulate security profiles via kernel pseudo-files, enabling local privilege escalation, container isolation bypass, Denial-of-Service and potential kernel-memory exposure. Qualys developed proof-of-concept exploits but has not publicly released the code to limit risk. Organizations should prioritize applying vendor kernel updates and scanning for affected systems.

Microsoft Probes Classic Outlook Sync and Connection Issues

📧 Microsoft is investigating several issues that are disrupting email synchronization and server connections in the classic Outlook desktop client. One bug causes 'Can't connect to the server' errors when creating groups if Exchange Web Services (EWS) is enabled because an AD Graph validation call fails; Microsoft plans updated group functionality using REST APIs and recommends using the new Outlook or OWA until a fix is released. Separate reports describe 0x800CCC0F and 0x80070057 errors for Gmail and Yahoo accounts after password changes — a temporary workaround is to delete the affected identity registry entries — and a cursor disappearance bug affecting Outlook and some Microsoft 365 apps is also under investigation.