Security Issues, Vulnerabilities, Exploits & Government Alerts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to…
Dec 05, 2025Ravie LakshmananVulnerability / Network Security A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC…
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SolisCloud Equipment: Monitoring Platform (Cloud API & Device Control API) Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Mobile Web Application for OpenBlue Workplace Vulnerability: Direct Request (‘Forced Browsing’) 2. RISK EVALUATION Successful exploitation…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Canadian Centre for Cyber Security (Cyber Centre) unveiled a malware analysis report on BRICKSTORM, a sophisticated backdoor for VMware vSphere…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sunbird Equipment: DCIM dcTrack, Power IQ Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Hard-coded Credentials 2. RISK…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MAXHUB Equipment: MAXHUB Pivot Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR eX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra, iSTAR Ultra SE Vulnerability: Improper Validation of Certificate Expiration…
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) launched a new Industry Engagement Platform (IEP) today designed to facilitate structured, two-way communication between the agency and companies developing innovative and security technologies. The IEP…