
All news with #advisory tag

355 articles · page 9 of 18

Global Agencies Publish Secure Connectivity Guidance for OT

🔐 The US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC) and the Federal Bureau of Investigation (FBI), alongside international partners, have released principles to secure operational technology (OT) connectivity. Led by NCSC-UK, the guidance offers a shared framework to design and manage secure connectivity across OT environments. It emphasizes embedding cybersecurity into network design to reduce exposure to both state-backed and opportunistic adversaries. The document warns that increased interconnection brings benefits such as real-time analytics and predictive maintenance, but also raises risks that could cause physical harm, environmental damage or service disruption.

AVEVA Process Optimization: Multiple Critical Flaws

⚠️ AVEVA has released patches for multiple vulnerabilities in Process Optimization that could allow remote code execution, SQL injection, privilege escalation, and disclosure of sensitive data. The most severe, CVE-2025-61937, permits unauthenticated remote code execution at OS System privileges (CVSS 10.0). AVEVA's remediation requires updating to Process Optimization v2025; CISA and the vendor also recommend firewall restrictions, ACLs, and ensuring encrypted channels.

FortiSIEM phMonitor Command Injection: CVE-2025-64155

⚠️ A critical command injection vulnerability in Fortinet FortiSIEM (phMonitor, tracked as CVE-2025-64155) enables unauthenticated attackers to inject commands and write files that are executed as the root user. Exploit code was disclosed publicly after a responsible disclosure to Fortinet in August 2025, and researchers warn the flaw may have allowed remote root access for nearly three years. Fortinet has released patched builds and advises restricting access to TCP port 7900 and applying updates immediately.

Palo Alto Warns of DoS Flaw That Can Disable Firewalls

⚠️ Palo Alto Networks patched a high-severity flaw (CVE-2026-0227) in PAN-OS that can allow unauthenticated actors to trigger a denial-of-service, forcing affected firewalls into maintenance mode when GlobalProtect gateway or portal features are enabled. The issue impacts PAN-OS 10.1 and later and some Prisma Access configurations; most cloud Prisma Access instances have been upgraded. Administrators should apply vendor-supplied fixes for their PAN-OS branch immediately to prevent potential disruptions.

CISA: Active Exploitation of Gogs Path Traversal Flaw

⚠️ CISA has added CVE-2025-8110 to its Known Exploited Vulnerabilities catalog after reports of active exploitation targeting Gogs. The high-severity (CVSS 8.7) flaw is a path traversal in the repository file editor's PutContents API that mishandles symbolic links and can lead to remote code execution. There is not yet an official upstream patch, though GitHub pull requests show fixes have been merged and maintainers say new images will include the correction once built. Until patched, users should disable default open-registration, restrict server access behind VPNs or allow-lists, and apply other access controls; FCEB agencies must implement mitigations by Feb 2, 2026.

CISA Orders Federal Patch for Gogs RCE Zero-Day Exploit

⚠️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a high-severity remote code execution flaw in Gogs tracked as CVE-2025-8110. The issue is a path traversal weakness in the PutContents API that lets authenticated attackers overwrite files outside repositories via symbolic links, enabling arbitrary command execution. Patches released last week add symlink-aware path validation; agencies must remediate by February 2, 2026. Administrators are advised to disable default open registration and restrict server access.

CISA Adds Gogs Path Traversal to KEV Catalog - Remediate

⚠️ CISA added CVE-2025-8110 to its Known Exploited Vulnerabilities (KEV) Catalog for a Gogs path traversal vulnerability after evidence of active exploitation. The advisory cites BOD 22-01 requirements for Federal Civilian Executive Branch agencies to remediate cataloged KEV entries by the due date. CISA strongly urges all organizations to prioritize timely patching to reduce exposure. CISA will continue to add vulnerabilities that meet the specified criteria.

CISA Retires Ten Emergency Directives, Strengthening Security

🛡️ CISA announced the retirement of ten Emergency Directives issued between 2019 and 2024 after required mitigations were implemented or their coverage was incorporated into BOD 22‑01 and CISA’s Known Exploited Vulnerabilities catalog. The closures include directives tied to specific CVEs and high‑profile incidents such as SolarWinds and Exchange. CISA said the action reflects strengthened federal remediation, operational collaboration, and continued emphasis on Secure by Design principles.

Microsoft Incident Response: New Proactive Services

🔒 Microsoft Incident Response expands its proactive offerings to help organizations build cyber resilience and reduce disruption. New services include incident response plan development, major event support, an immersive cyber range, advisory engagements, and compromise assessments for M&A activity. These capabilities build on existing services such as compromise assessments, identity assessment and hardening, and tabletop exercises. The focus is on preparation, gap detection, defense hardening, and tailored threat insights to accelerate recovery and strengthen security posture.

Classic Outlook bug prevents opening encrypted emails

🔒 Microsoft is investigating a bug in the classic Outlook client introduced by Current Channel Version 2511 (Build 19426.20218) that prevents recipients from opening messages encrypted with Encrypt Only permissions. Impacted users may see a reading pane error asking them to verify credentials or encounter a message_v2.rpmsg attachment instead of readable content. The Outlook Team is working on a fix but has not provided an ETA. Microsoft recommends two temporary workarounds: have senders save encrypted messages before sending, or roll back to build 16.0.19426.20186.

New Command Injection in Legacy D-Link DSL Routers

⚠️ An unauthenticated command injection (CVE-2026-0625) in dnscfg.cgi allows remote shell execution on multiple legacy D-Link DSL gateway routers. VulnCheck reported the issue to D-Link after The Shadowserver Foundation observed an exploitation attempt on a honeypot on December 15. Confirmed affected models (DSL-526B, DSL-2640B, DSL-2740R, DSL-2780B) are End-of-Life and will not receive patches. D-Link advises retiring affected devices or isolating them in segmented non-critical networks and applying restrictive security settings.

Unpatched EX200 Flaw Lets Authenticated Users Trigger Telnet

⚠ An unpatched firmware error in the TOTOLINK EX200 wireless range extender can cause the device to start an unauthenticated root-level telnet service when specific malformed firmware files are processed. CERT/CC (CVE-2025-65606) says exploitation requires an attacker to be authenticated to the web management interface to reach the firmware-upload handler, which can then enter an abnormal error state. The vendor has not issued a patch and the product is no longer actively maintained; users are advised to restrict administrative access and consider upgrading to a supported model.

Columbia Weather Systems MicroServer Vulnerabilities

⚠️ Columbia Weather Systems’ MicroServer firmware contains multiple vulnerabilities that could let an attacker redirect SSH connections, expose vendor and user secrets stored on an unencrypted SD card, and obtain a limited interactive shell with elevated file privileges. Affected devices run firmware versions prior to MS_4.1_14142. Columbia Weather Systems recommends updating to MS_4.1_14142 or later and contacting support for assistance; CISA advises minimizing network exposure, isolating control networks, and using secure remote access such as up-to-date VPNs. No known targeted public exploitation has been reported; UsrPacific reported these issues to CISA.

Critical n8n CVE-2025-68668: Python Code Node RCE Exploit

⚠️ A critical sandbox bypass, CVE-2025-68668 (CVSS 9.9), has been disclosed in n8n, allowing an authenticated user with workflow create/modify permissions to execute arbitrary OS commands on the host running n8n. The flaw resides in the Python Code Node that uses Pyodide and affects n8n versions 1.0.0 up to, but not including, 2.0.0. The issue is resolved in n8n 2.0.0, which makes the task-runner native Python implementation the default. Short-term mitigations include disabling the Code Node, disabling Python in the Code Node, or enabling the task-runner Python sandbox via environment variables.

Critical AdonisJS bodyparser Path Traversal Risks File Write

🚨 Maintainers of @adonisjs/bodyparser urge immediate updates after disclosure of CVE-2026-21440, a critical path traversal flaw that can enable attackers to write arbitrary files via unsanitized multipart filenames. The vulnerability stems from MultipartFile.move(location, options) defaulting to client-supplied names when the options.name is omitted. Exploitation requires a reachable upload endpoint and can lead to file overwrite and possible RCE depending on deployment, filesystem permissions, and overwrite settings.

Thousands of FortiGate Firewalls Still Exposed to 2020 Flaw

🔒 Bleeping Computer reports that attackers are actively exploiting an older FortiOS vulnerability, CVE-2020-12812, which can bypass two-factor authentication. Although Fortinet issued a patch in July 2020, researchers say at least 10,000 FortiGate firewalls remain unpatched. Administrators are urged to install the latest updates immediately to mitigate account access risks. Additional measures include restricting administrative access, rotating credentials, and monitoring logs for suspicious activity.

Critical IBM API Connect Flaw Allows Authentication Bypass

🔒 IBM is urging customers to quickly apply interim fixes for a critical authentication-bypass vulnerability in IBM API Connect (CVE-2025-13915) that affects versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The flaw can allow unauthorized access to exposed applications without user interaction and stems from a broken architectural assumption that traffic passing the gateway guarantees identity enforcement (CWE-305). IBM has published platform-specific interim fixes and advises disabling self-service sign-up on Developer Portals if patches cannot be applied; administrators must also remove image overrides when upgrading to avoid persistent shadow state.

IBM Alerts: Critical API Connect Authentication Bypass

🔒 IBM has disclosed a critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 with a CVSS score of 9.8. The flaw could allow remote attackers to gain unauthorized access to the application. Affected releases include 10.0.8.0–10.0.8.5 and 10.0.11.0. IBM advises downloading the interim fix from Fix Central and, if immediate patching is not possible, disabling Developer Portal self-service sign-up as a temporary mitigation.

IBM warns of critical API Connect auth bypass — patch now

🔒 IBM urged customers to patch a critical authentication bypass in its API Connect platform that could allow attackers to access applications remotely. Tracked as CVE-2025-13915 and rated 9.8/10, the flaw affects versions 10.0.11.0 and 10.0.8.0–10.0.8.5. Exploitation is low-complexity and requires no user interaction. IBM recommends upgrading to the latest release and offers interim mitigations, including disabling self-service sign-up on the Developer Portal.

CSA warns of critical RCE in SmarterMail email server

⚠️ The Cyber Security Agency of Singapore (CSA) has warned of a maximum-severity vulnerability, CVE-2025-52691 (CVSS 10.0), in SmarterTools SmarterMail that permits unauthenticated arbitrary file uploads and could enable remote code execution. The flaw affects builds 9406 and earlier and was fixed in Build 9413 (Oct 9, 2025); CSA recommends updating to Build 9483 (Dec 18, 2025). While no active exploitation has been reported, administrators should apply the vendor update promptly to mitigate the risk of web shells or malicious binaries being deployed and executed with SmarterMail service privileges.