Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment: iSolarCloud Android App, WiNet Firmware Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled…
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories…
As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments,…
Mar 13, 2025Ravie LakshmananOpen Source / Vulnerability Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE…
Mar 13, 2025Ravie LakshmananBrowser Security / Encryption Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of…
Mar 12, 2025Ravie LakshmananCyber Espionage / Vulnerability The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors,…
CISA’s Red Team is among the best in the world and remains laser focused on helping our federal and critical infrastructure partners identify and mitigate their most significant vulnerabilities and weaknesses. This has not changed.…
Mar 12, 2025Ravie LakshmananCloud Security / Vulnerability Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. “At least 400 IPs have been…
We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that…
Mar 12, 2025Ravie LakshmananPatch Tuesday / Vulnerability Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the…