All news with #patch tag

GE Vernova CIMPLICITY: Uncontrolled Search Path Element Risk

⚠️ GE Vernova's CIMPLICITY HMI/SCADA software is affected by an Uncontrolled Search Path Element vulnerability (CVE-2025-7719) in versions 2024, 2023, 2022, and 11.0. CISA reports this flaw could enable a low-privileged local attacker to escalate privileges; a CVSS v4 score of 7.0 and a CVSS v3.1 score of 7.8 were calculated. The issue is not remotely exploitable and no public exploitation has been reported; GE Vernova recommends upgrading to CIMPLICITY 2024 SIM 4 and following the Secure Deployment Guide while CISA advises network isolation and secure remote access.

CISA Publishes Nine ICS Advisories on August 28, 2025

🔔 On August 28, 2025, CISA released nine Industrial Control Systems (ICS) advisories that detail vulnerabilities, impacts, and recommended mitigations for multiple vendors and product families. The advisories cover Mitsubishi Electric, Schneider Electric, Delta Electronics, GE Vernova, and Hitachi Energy, and include several updates to prior notices. Operators and administrators are encouraged to review each advisory for affected versions, vendor patches, and configuration mitigations, and to prioritize remediation and monitoring to reduce operational risk.

Delta Electronics COMMGR: Remote Code Execution Risks

⚠️ Delta Electronics has identified two critical vulnerabilities in COMMGR (v2.9.0 and earlier) — a stack-based buffer overflow (CVE-2025-53418) and a code injection flaw (CVE-2025-53419) — that can enable arbitrary code execution via crafted .isp files. Delta and CISA rate the combined risk as high (CISA lists CVSS v4 8.8) and recommend upgrading to v2.10.0 or later. Additional mitigations include network segmentation, limiting Internet exposure, and using secure remote access methods. CISA reports no known public exploitation at this time.

Chinese Tech Firms Linked to Salt Typhoon Espionage

🔍 A joint advisory from the UK, US and allied partners attributes widespread cyber-espionage operations to the Chinese APT group Salt Typhoon and alleges assistance from commercial vendors that supplied "cyber-related products and services." The report names Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology. It warns attackers exploited known vulnerabilities in edge devices to access routers and trusted provider connections, and urges immediate patching, proactive hunting using supplied IoCs, and regular review of device logs.

Citrix warns of NetScaler ADC/Gateway zero-day exploit

⚠️ Citrix has warned of multiple zero-day vulnerabilities in NetScaler ADC and NetScaler Gateway, highlighting CVE-2025-7775 as being actively exploited. The critical issue is a memory overflow that can lead to denial of service or remote code execution on appliances meeting specific configuration preconditions. Citrix provides CLI checks to identify affected devices but reports no mitigations or workarounds, and researchers estimate a large percentage of appliances remain unpatched. Administrators are urged to prioritize patching immediately.

Ten Vulnerabilities in Libbiosig and Multiple Vendors

🔒 Cisco Talos disclosed multiple vulnerabilities affecting libbiosig, Tenda AC6, SAIL, PDF‑XChange Editor, and Foxit PDF Reader. The flaws include integer overflows, heap and stack buffer overflows, out‑of‑bounds reads, authentication and firmware validation weaknesses, and other memory corruption issues that can lead to remote code execution or information disclosure. Vendors have released patches in coordination with Talos and Snort coverage is available to detect exploitation attempts. Apply vendor updates and detection rules immediately to reduce exposure.

Countering PRC State-Sponsored Network Compromise Worldwide

🛡️ U.S. and international agencies warn that People's Republic of China (PRC) state-sponsored actors have been compromising global networks since at least 2021 to collect communications and other intelligence. Actors targeted telecommunications backbone routers, provider- and customer-edge devices, and infrastructure across government, transportation, lodging, and military sectors. They exploited known CVEs (for example CVE-2024-21887, CVE-2024-3400, Cisco CVEs), modified devices to maintain persistence using on-box PCAP/containers and tunnels, and exfiltrated data via peering and covert channels. The advisory includes IP indicators, binary hashes, Yara/Snort rules, hunting guidance, and prioritized mitigations to patch, isolate management planes, harden credentials, and detect PCAP creation.

CISA Advisory: Chinese State-Sponsored APTs Target Networks

🚨 CISA, the NSA, the FBI, and international partners released a joint advisory detailing ongoing malicious activity by PRC state-sponsored APT actors seeking long-term access to critical infrastructure worldwide. The advisory highlights exploitation of vulnerabilities in routers and edge devices used by telecommunications and infrastructure operators, and notes actors' evasion and persistence tactics. It urges organizations to patch known exploited vulnerabilities, enable centralized logging, secure edge infrastructure, and hunt for signs of compromise immediately.

Citrix Patches NetScaler Zero-Days as Active Exploits Continue

🔒Citrix has released patches for three critical zero-day vulnerabilities in NetScaler ADC and NetScaler Gateway (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424), including pre-auth remote code execution observed in the wild. The vendor provided fixes for affected 14.1, 13.1 and 12.1-FIPS/NDcPP builds and said no workaround is available. Security researchers and CISA urged immediate patching and forensic checks for potential backdoors.

Citrix Patches NetScaler Flaws; Confirms Active Exploitation

🔒 Citrix has issued patches for three vulnerabilities in NetScaler ADC and NetScaler Gateway, and confirmed active exploitation of CVE-2025-7775. The flaws include two memory overflow issues (CVSS 9.2 and 8.8) that can lead to remote code execution or denial-of-service, and an improper access-control bug (CVSS 8.7) affecting the management interface. Fixes are available in multiple 12.x–14.x releases with no workarounds; Citrix credited external researchers for reporting the issues.

CISA Issues Three Industrial Control Systems Advisories

🔔 CISA released three Industrial Control Systems advisories on August 26, 2025, detailing vulnerabilities and mitigations for INVT VT‑Designer and HMITool, Schneider Electric Modicon M340 controllers and modules, and an updated advisory for Danfoss AK‑SM 8xxA Series. The alerts provide technical details, risk assessments, and recommended mitigations. Administrators and asset owners should review the advisories and apply vendor guidance promptly.

Schneider Electric Modicon M340: FTP Input Validation Flaw

⚠️ Schneider Electric disclosed an Improper Input Validation vulnerability in Modicon M340 controllers and several communication modules that can be triggered by a specially crafted FTP command. Tracked as CVE-2025-6625 with a CVSS v4 base score of 8.7, the flaw enables a remote denial-of-service with low attack complexity. Schneider released firmware fixes for the BMXNOE0100 (v3.60) and BMXNOE0110 (v6.80) modules, which require device reboot; remediation for other affected products is planned. CISA recommends disabling FTP when not needed, blocking or segmenting port 21, using VPNs for remote access, applying vendor updates where available, and following ICS hardening and risk-assessment practices before making changes.

CISA Adds CVE-2025-7775 for Citrix NetScaler Memory Overflow

🔔 CISA has added CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. This class of flaw is a frequent attack vector and presents significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged KEVs by the specified due date. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

CISA Adds Three Actively Exploited Flaws in Citrix, Git

🚨 CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog affecting Citrix Session Recording and Git. Two Citrix issues (CVE-2024-8068, CVE-2024-8069; CVSS 5.1) can lead to privilege escalation to the NetworkService account or limited remote code execution for authenticated intranet users, while CVE-2025-48384 (CVSS 8.1) in Git stems from carriage return handling that can enable arbitrary code execution. Federal agencies must mitigate these issues by September 15, 2025.

Docker fixes critical container escape CVE-2025-9074

🚨Docker has released an urgent patch for CVE-2025-9074, a critical container escape flaw in Docker Desktop for Windows and macOS that carries a CVSS score of 9.3. A malicious container could reach the Docker Engine API at 192.168.65.7:2375 without authentication, create and start new containers that bind the host C:\ drive and thereby access or modify host files. The issue is fixed in version 4.44.3; Enhanced Container Isolation (ECI) does not mitigate the vulnerability. Linux desktop installations are not affected because they use a host named pipe instead of a TCP socket.

CISA Adds Three New Vulnerabilities to KEV Catalog

⚠️ CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025: CVE-2024-8069 and CVE-2024-8068 affecting Citrix Session Recording, and CVE-2025-48384, a Git link following vulnerability. CISA states these defects are supported by evidence of active exploitation and represent frequent attack vectors that pose significant risk to the federal enterprise. While BOD 22-01 binds Federal Civilian Executive Branch agencies to remediate listed CVEs by the required due dates, CISA urges all organizations to prioritize timely remediation and incorporate these entries into vulnerability management workflows.

Pre-auth Exploit Chains Found in Commvault Releases

🔒 Commvault has released fixes for four vulnerabilities in versions prior to 11.36.60 that could enable unauthenticated attackers to achieve remote code execution. The flaws include an unauthenticated API access bug, a setup-time default credential exposure, a path traversal allowing filesystem access, and command-line argument injection that can elevate low-privilege sessions. Patches are available in 11.32.102 and 11.36.60; Commvault SaaS is not affected.

FUJIFILM Synapse Mobility Privilege Escalation Advisory

🔒 FUJIFILM Healthcare Americas Corporation has released fixes for a privilege-escalation vulnerability (CVE-2025-54551) affecting Synapse Mobility. The issue is an external control of an assumed-immutable web parameter that can be abused remotely with low attack complexity; CVSS v4 score is 5.3. FUJIFILM recommends upgrading to 8.2 or applying patches for 8.0–8.1.1. Immediate mitigations include disabling the configurator search function or unchecking "Allow plain text accession number," and CISA advises minimizing network exposure and using secure remote access.

Threat Actors Abuse SDKs to Sell Victim Bandwidth Stealthily

🔍 Unit 42 observed a campaign exploiting CVE-2024-36401 in GeoServer to remotely deploy legitimate SDKs or apps that sell victims' internet bandwidth. The attackers leverage JXPath evaluation to achieve RCE across multiple GeoServer endpoints, then install lightweight binaries that operate quietly to monetize unused network capacity. This approach often uses unmodified vendor SDKs to maximize stealth and persistence while avoiding traditional malware indicators.

Warlock Ransomware: Emerging Threat Targeting Services

⚠️ Warlock is a ransomware operation that emerged in 2025 and uses double extortion — encrypting systems and threatening to publish stolen data to coerce payment. The group has targeted government agencies and critical service providers across Europe, and on August 12 a cyber incident disrupted UK telecom Colt Technology Services, with an alleged auction of one million stolen documents. Security analysts link recent intrusions to exploitation of the SharePoint vulnerability CVE-2025-53770, which Microsoft says is actively exploited; Microsoft has published analysis and urges immediate patching. Recommended mitigations include enforcing multi‑factor authentication, keeping security tools and software patched, maintaining secure off‑site backups, reducing attack surface, encrypting sensitive data, and educating staff on phishing and social engineering.