All news with #advisory tag

⚠️ Ivanti is urging customers to patch a critical vulnerability (CVE-2025-10573) in its Endpoint Manager (EPM) that allows unauthenticated remote actors to execute arbitrary JavaScript via low-complexity cross-site scripting that requires user interaction. Reported by Rapid7, the flaw lets attackers join fake managed endpoints to poison administrator dashboards and hijack admin sessions when viewed. Ivanti released EPM 2024 SU4 SR1 and addressed three other high-severity bugs, while Shadowserver reports hundreds of Internet-facing EPM instances.

⚠️ Festo SE & Co. KG's LX Appliance contains a cross-site scripting (XSS) vulnerability tied to the video.js library (CVE-2021-23414) that can allow crafted course content to execute scripts in high-privilege user sessions. The issue affects LX Appliance versions prior to June 2023 and has a CVSS v3.1 base score of 6.1. Festo coordinated disclosure with CERT@VDE and published advisory FSA-202301. Administrators should update affected appliances and apply recommended network isolation and secure remote access controls.

⚠️ U-Boot contains an improper access control vulnerability in volatile memory holding boot code (CVE-2025-24857) affecting all U-Boot versions prior to 2017.11 and several Qualcomm SoCs. Successful exploitation could allow arbitrary code execution; CISA reports a CVSS v4 base score of 8.6 with low attack complexity. Vendors advise upgrading to v2025.4, ensuring physical device security, and contacting Qualcomm support where appropriate.

🔔 CISA published three Industrial Control Systems (ICS) advisories addressing vulnerabilities in Universal Boot Loader (U-Boot) (ICSA-25-343-01), the Festo LX Appliance (ICSA-25-343-02), and several India-based CCTV camera models (ICSA-25-343-03). Each advisory provides technical details, impact assessments, and recommended mitigations. CISA urges system operators, vendors, and administrators to review the advisories promptly and apply available updates or compensating controls to reduce operational risk.

🔒 CISA reports a critical authentication bypass (CWE-306, CVE-2025-13607) affecting multiple India-deployed CCTV products, including D-Link DCS-F5614-L1. The flaw permits unauthenticated remote retrieval of device configuration and account credentials with low attack complexity and high impact. D-Link has released a software update for the DCS-F5614-L1; users should install the patch, verify firmware versions, and minimize network exposure while seeking guidance from other vendors.

🔒 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-6218 (WinRAR path traversal) and CVE-2025-62221 (Microsoft Windows use-after-free). The agency cited evidence of active exploitation and emphasized that these flaws are frequent attack vectors posing significant risk to the federal enterprise. CISA reiterated that BOD 22-01 requires FCEB agencies to remediate cataloged CVEs by the required due dates and urged all organizations to prioritize timely remediation.

🔔 Microsoft’s December 2025 Patch Tuesday addresses 57 CVEs, including one actively exploited Important zero‑day in the Windows Cloud Files Mini Filter Driver and two publicly disclosed Important zero‑days impacting GitHub Copilot for JetBrains and PowerShell. Two Critical RCE flaws in Microsoft Office increase urgency for enterprise patching and remediation. Organizations should prioritize applying Microsoft fixes, adopt layered mitigations where patches are delayed, and use CrowdStrike Falcon dashboards to track affected assets and remediation progress.

⚠️ Apache Tika maintainers warn that an XML External Entity (XXE) vulnerability originally disclosed in August (CVE-2025-54988) is broader than first reported and is now covered by a superset CVE (CVE-2025-66516). The issue affects tika-core, tika-parsers and the standalone tika-parser-pdf-module, and could allow attackers to read sensitive data or trigger requests to internal resources. Users are advised to upgrade to the patched releases or disable XML parsing via tika-config.xml to mitigate risk.

⚠️Gartner recommends blocking AI browsers such as ChatGPT Atlas and Perplexity Comet because they transmit active web content, open tabs, and browsing context to cloud services, creating risks of irreversible data loss. Analysts cite prompt-injection, credential exposure, and autonomous agent errors as primary threats. Organizations should block installations with existing network and endpoint controls and restrict any pilots to small, low-risk groups.

🔔 The UK National Cyber Security Centre (NCSC) is piloting Proactive Notifications, a service delivered via Netcraft that scans publicly available internet data to identify exposed software and missing security services. The NCSC will email affected organizations — messages originate from netcraft.com, contain no attachments, and do not request payments or personal data. The pilot covers UK domains and IPs on UK ASNs and focuses on notifying about specific CVEs and general weaknesses like weak encryption.

🚨 Researchers disclosed critical remote code execution vulnerabilities in the Flight protocol for React Server Components (CVE-2025-55182 and CVE-2025-66478). The flaw permits unauthenticated attackers to achieve deterministic RCE via insecure deserialization of malformed HTTP payloads, with near-100% reliability against default deployments. Vendors have issued patched releases; administrators should apply upgrades immediately. Palo Alto Networks Unit 42 published detection guidance and hunting queries to help identify exploitation and post-exploitation activity.

🔒 Cisco Talos disclosed an out‑of‑bounds read in PDF‑XChange Editor (CVE‑2025‑58113) and ten vulnerabilities affecting Socomec DIRIS Digiware M series and Easy Config. The issues range from information disclosure and authentication bypass to multiple denial‑of‑service and buffer overflow flaws. Vendors have released patches; administrators should apply updates and deploy Snort rules to detect exploitation.

🔒 CISA warns that Chinese threat actors have used Brickstorm malware to backdoor VMware vSphere servers, creating hidden rogue virtual machines and exfiltrating cloned VM snapshots to harvest credentials. A joint analysis with the NSA and Canada's Cyber Security Centre examined eight samples and documents layered evasion including nested TLS, WebSockets, SOCKS proxying and DNS-over-HTTPS. CISA provides YARA and Sigma rules, advises blocking unauthorized DoH providers, inventorying edge devices, segmenting DMZ-to-internal traffic, and reporting detections as required.

🛡️ US and allied cyber agencies have published joint guidance to help critical infrastructure operators incorporate AI safely into operational technology (OT). Developed by CISA with the Australian Signals Directorate and input from the UK's NCSC, the document covers ML, LLMs and AI agents while remaining applicable to traditional automation systems. It recommends assessing AI risks, protecting sensitive OT data, demanding vendor transparency on embedded AI and supply chains, establishing governance and testing in controlled environments, and maintaining human-in-the-loop oversight aligned with existing cybersecurity frameworks.

🔒 Operational technology (OT) environments underpin critical infrastructure but frequently lag behind IT in cybersecurity maturity. Strong password policies mitigate risks from outdated hardware, shared accounts, remote vendor access, and credential reuse. Core measures include prioritizing password length, enforcing rotation with reuse prevention, and adopting password vaults. Combined with MFA, network segmentation and Privileged Access Workstations, these practices form a resilient OT security posture.

🔒 CISA, NSA, and the Canadian Centre for Cyber Security released a joint malware analysis on BRICKSTORM, a sophisticated backdoor targeting VMware vSphere (vCenter) and Windows environments used by PRC state-sponsored actors. The report provides indicators of compromise (IOCs), detection signatures, and CISA-developed YARA and SIGMA rules to help critical infrastructure owners identify compromises. Recommended mitigations include scanning with the provided rules, inventorying and monitoring edge devices, enforcing network segmentation, and adopting Cross-Sector Cybersecurity Performance Goals; organizations are urged to report suspected activity to CISA immediately.

🚨 A weak password recovery mechanism in MAXHUB Pivot client allows remote attackers to request password resets and potentially take over accounts. MAXHUB reports all Pivot client versions prior to v1.36.2 are affected and has released v1.36.2 to address the issue. CISA assigned CVE-2025-53704 and rates the flaw high severity (CVSS v4 8.7) with low attack complexity. Administrators should apply the update and follow recommended network-segmentation and access controls to reduce exposure.

🔔 On December 4, 2025, CISA published nine Industrial Control Systems advisories addressing vulnerabilities in products from Mitsubishi Electric, MAXHUB, Johnson Controls, Sunbird, SolisCloud, and Advantech. The release also includes updated advisories for Consilium Safety CS5000 and Johnson Controls FX families. Each advisory provides technical details, affected versions, and recommended mitigations. Administrators are encouraged to review the advisories and apply vendor guidance promptly.

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre published a joint guide outlining four principles to safely integrate AI into operational technology (OT). The guidance emphasizes educating personnel, assessing AI uses and data risks, establishing governance, and embedding safety and security. It focuses on ML, LLMs, and AI agents while remaining applicable to other automation approaches. CISA and international partners encourage OT owners and operators to adopt these risk-informed practices to protect critical infrastructure.

🔒 CISA and the Australian Signals Directorate released joint guidance, Principles for the Secure Integration of Artificial Intelligence in Operational Technology, to help critical infrastructure owners and operators balance AI benefits with OT safety and reliability. The guidance focuses on ML, LLMs, and AI agents while remaining applicable to traditional statistical and logic-based systems. It emphasizes four core areas—Understand AI, Assess AI Use in OT, Establish AI Governance, and Embed Safety and Security—and recommends integrating AI considerations into incident response and compliance activities.