Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Aug 13, 2025Ravie LakshmananVulnerability / Network Security Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries…

Key Capabilities Security Leaders Need to Know

Aug 13, 2025The Hacker NewsArtificial Intelligence / Threat Hunting Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what…

What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive

Aug 13, 2025The Hacker NewsArtificial Intelligence / Identity Security The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger,…

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws

Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of…

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics

Aug 13, 2025Ravie LakshmananEndpoint Security / Cybercrime Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat…

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

Aug 12, 2025Ravie LakshmananMalware / Container Security New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling…

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager

Aug 12, 2025Ravie LakshmananThreat Intelligence / Enterprise Security Cybersecurity researchers are warning of a “significant spike” in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed…

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses

Aug 12, 2025Ravie LakshmananCybercrime / Financial Security An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be…

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks

Aug 12, 2025Ravie LakshmananCyber Espionage / Windows Security A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate…

Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

by CISA
August 12, 2025
Security News, Assessments & Alerts
7 min read

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR, ULTRA G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command…

« Previous
1
…
73
74
75
76
77
…
413
Next »