< ciso brief />

All news with #advisory tag

287 articles · page 6 of 15

Microsoft Incident Response: New Proactive Services

🔒 Microsoft Incident Response expands its proactive offerings to help organizations build cyber resilience and reduce disruption. New services include incident response plan development, major event support, an immersive cyber range, advisory engagements, and compromise assessments for M&A activity. These capabilities build on existing services such as compromise assessments, identity assessment and hardening, and tabletop exercises. The focus is on preparation, gap detection, defense hardening, and tailored threat insights to accelerate recovery and strengthen security posture.

Classic Outlook bug prevents opening encrypted emails

🔒 Microsoft is investigating a bug in the classic Outlook client introduced by Current Channel Version 2511 (Build 19426.20218) that prevents recipients from opening messages encrypted with Encrypt Only permissions. Impacted users may see a reading pane error asking them to verify credentials or encounter a message_v2.rpmsg attachment instead of readable content. The Outlook Team is working on a fix but has not provided an ETA. Microsoft recommends two temporary workarounds: have senders save encrypted messages before sending, or roll back to build 16.0.19426.20186.

New Command Injection in Legacy D-Link DSL Routers

⚠️ An unauthenticated command injection (CVE-2026-0625) in the dnscfg.cgi endpoint of multiple legacy D-Link DSL gateway routers allows remote shell execution. VulnCheck reported the issue to D-Link after The Shadowserver Foundation observed an exploitation attempt against a honeypot on December 15. The confirmed affected models (DSL-526B, DSL-2640B, DSL-2740R, DSL-2780B) are end-of-life and will not receive patches; D-Link advises retiring them or, failing that, isolating them on segmented non-critical networks with restrictive security settings applied.

Unpatched EX200 Flaw Lets Authenticated Users Trigger Telnet

⚠️ An unpatched firmware error in the TOTOLINK EX200 wireless range extender can cause the device to start an unauthenticated root-level telnet service when specific malformed firmware files are processed. CERT/CC's advisory for CVE-2025-65606 notes that exploitation requires authentication to the web management interface in order to reach the firmware-upload handler, which a malformed image can push into an abnormal error state. The vendor has not issued a patch and the product is no longer actively maintained; users are advised to restrict administrative access and consider upgrading to a supported model.

Columbia Weather Systems MicroServer Vulnerabilities

⚠️ Columbia Weather Systems’ MicroServer firmware contains multiple vulnerabilities that could let an attacker redirect SSH connections, expose vendor and user secrets stored on an unencrypted SD card, and obtain a limited interactive shell with elevated file privileges. Affected devices run firmware versions prior to MS_4.1_14142. Columbia Weather Systems recommends updating to MS_4.1_14142 or later and contacting support for assistance; CISA advises minimizing network exposure, isolating control networks, and using secure remote access such as up-to-date VPNs. No known targeted public exploitation has been reported; UsrPacific reported these issues to CISA.

Critical n8n CVE-2025-68668: Python Code Node RCE Exploit

⚠️ A critical sandbox bypass, CVE-2025-68668 (CVSS 9.9), has been disclosed in n8n, allowing an authenticated user with workflow create/modify permissions to execute arbitrary OS commands on the host running n8n. The flaw resides in the Python Code Node that uses Pyodide and affects n8n versions 1.0.0 up to, but not including, 2.0.0. The issue is resolved in n8n 2.0.0, which makes the task-runner native Python implementation the default. Short-term mitigations include disabling the Code Node, disabling Python in the Code Node, or enabling the task-runner Python sandbox via environment variables.

Critical AdonisJS bodyparser Path Traversal Risks File Write

🚨 Maintainers of @adonisjs/bodyparser urge immediate updates after disclosure of CVE-2026-21440, a critical path traversal flaw that can enable attackers to write arbitrary files via unsanitized multipart filenames. The vulnerability stems from MultipartFile.move(location, options) defaulting to client-supplied names when the options.name is omitted. Exploitation requires a reachable upload endpoint and can lead to file overwrite and possible RCE depending on deployment, filesystem permissions, and overwrite settings.

Thousands of FortiGate Firewalls Still Exposed to 2020 Flaw

🔒 BleepingComputer reports that attackers are actively exploiting an older FortiOS vulnerability, CVE-2020-12812, which can bypass two-factor authentication. Although Fortinet issued a patch in July 2020, researchers say at least 10,000 FortiGate firewalls remain unpatched. Administrators are urged to install the latest updates immediately to mitigate the risk of unauthorized account access. Additional measures include restricting administrative access, rotating credentials, and monitoring logs for suspicious activity.

Critical IBM API Connect Flaw Allows Authentication Bypass

🔒 IBM is urging customers to quickly apply interim fixes for a critical authentication-bypass vulnerability in IBM API Connect (CVE-2025-13915) that affects versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The flaw can allow unauthorized access to exposed applications without user interaction and stems from a broken architectural assumption that traffic passing the gateway guarantees identity enforcement (CWE-305). IBM has published platform-specific interim fixes and advises disabling self-service sign-up on Developer Portals if patches cannot be applied; administrators must also remove image overrides when upgrading to avoid persistent shadow state.

IBM Alerts: Critical API Connect Authentication Bypass

🔒 IBM has disclosed a critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 with a CVSS score of 9.8. The flaw could allow remote attackers to gain unauthorized access to the application. Affected releases include 10.0.8.0–10.0.8.5 and 10.0.11.0. IBM advises downloading the interim fix from Fix Central and, if immediate patching is not possible, disabling Developer Portal self-service sign-up as a temporary mitigation.

IBM warns of critical API Connect auth bypass — patch now

🔒 IBM urged customers to patch a critical authentication bypass in its API Connect platform that could allow attackers to access applications remotely. Tracked as CVE-2025-13915 and rated 9.8/10, the flaw affects versions 10.0.11.0 and 10.0.8.0–10.0.8.5. Exploitation is low-complexity and requires no user interaction. IBM recommends upgrading to the latest release and offers interim mitigations, including disabling self-service sign-up on the Developer Portal.

CSA warns of critical RCE in SmarterMail email server

⚠️ The Cyber Security Agency of Singapore (CSA) has warned of a maximum-severity vulnerability, CVE-2025-52691 (CVSS 10.0), in SmarterTools SmarterMail that permits unauthenticated arbitrary file uploads and could enable remote code execution. The flaw affects builds 9406 and earlier and was fixed in Build 9413 (Oct 9, 2025); CSA recommends updating to Build 9483 (Dec 18, 2025). While no active exploitation has been reported, administrators should apply the vendor update promptly to mitigate the risk of web shells or malicious binaries being deployed and executed with SmarterMail service privileges.

CISA Orders Agencies to Patch High-Severity MongoDB Flaw

🔒 CISA has ordered federal civilian agencies to secure systems against MongoBleed (CVE-2025-14847), a high-severity MongoDB Server vulnerability patched on December 19, 2025. The flaw, rooted in how the server uses the zlib compression library, can be exploited by unauthenticated actors to leak credentials, API and cloud keys, session tokens, logs, and PII. An Elastic researcher released a PoC, and telemetry shows tens of thousands of potentially vulnerable instances; agencies must patch by January 19, 2026, or apply vendor mitigations, such as temporarily disabling zlib compression, until updates can be deployed.

CISA Releases Two ICS Advisories on WHILL and DAQFactory

🔔 CISA published two Industrial Control Systems (ICS) Advisories: ICSA-25-364-01 for WHILL C2 Wheelchairs and ICSA-25-345-03 for AzeoTech DAQFactory (Update A). The advisories describe identified vulnerabilities and recommended mitigations. Administrators and users are encouraged to review the technical details and apply mitigations promptly to reduce exposure.

CISA Adds CVE-2025-14847 (MongoDB) to KEV Catalog Now

⚠️ CISA has added CVE-2025-14847, a MongoDB Server Improper Handling of Length Parameter Inconsistency vulnerability, to the KEV Catalog after evidence of active exploitation. The designation signals a significant risk to the federal enterprise under BOD 22-01, which requires Federal Civilian Executive Branch agencies to remediate listed vulnerabilities by their due dates. Although BOD 22-01 applies only to FCEB agencies, CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and will continue adding qualifying CVEs to the catalog.

React2Shell: Critical RCE in React Server Components

⚠️ React2Shell is a critical unauthenticated RCE in React Server Components affecting React 19. Crafted requests allow arbitrary code execution on the server, and default React and Next.js deployments are affected. Multiple vendors, including Google and AWS, reported active exploitation within hours; patches are available. Defenders should validate exposure beyond version checks and hunt for backdoors, tunneling, and unexpected child processes.

MongoDB 'MongoBleed' Vulnerability Actively Exploited

⚠ A newly disclosed vulnerability, CVE-2025-14847 (dubbed MongoBleed), is being actively exploited to leak sensitive data from MongoDB server memory. The flaw in zlib-based network message decompression lets unauthenticated attackers send malformed compressed packets to read uninitialized heap memory before authentication. Researchers report over 87,000 potentially vulnerable instances worldwide and widespread exposure in cloud environments. Administrators should apply published patches, disable zlib compression as a temporary mitigation, restrict network exposure, and monitor for anomalous pre-auth connections.

MongoDB zlib Flaw Lets Unauthenticated Clients Read Heap

🔒 A high-severity vulnerability in MongoDB can allow unauthenticated clients to read uninitialized heap memory by exploiting mismatched length fields in zlib-compressed protocol headers. Tracked as CVE-2025-14847 with a CVSS score of 8.7, the flaw stems from improper handling of inconsistent length parameters. It affects a broad set of releases from 3.6 through 8.2, and MongoDB has published fixes (including 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 and 4.4.30); administrators unable to upgrade immediately are advised to disable zlib compression or restrict compressors to snappy or zstd.

CISA Issues Mitsubishi Electric ICS Advisory Update

⚠️ CISA has published an updated Industrial Control Systems advisory, ICSA-25-177-01 (Update B), addressing multiple vulnerabilities affecting Mitsubishi Electric air conditioning systems and associated operational components. The advisory outlines technical findings, potential impacts to building automation and HVAC control networks, and prioritized mitigation steps. Administrators and operators should review the guidance promptly, apply vendor updates where available, and implement network segmentation and enhanced monitoring to reduce risk.

Critical n8n RCE Flaw (CVE-2025-68613) Requires Patch

🔴 A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613, CVSS 9.9) allows expressions supplied by authenticated users to be evaluated in an execution context that is not sufficiently isolated from the runtime. An attacker able to create or edit workflows could abuse this behavior to execute arbitrary code with the privileges of the n8n process, risking full instance compromise, data exposure, and workflow tampering. The flaw affects versions from 0.211.0 up to, but not including, 1.120.4 and has been patched in 1.120.4, 1.121.1, and 1.122.0; apply these updates or restrict workflow editing and harden deployments.