ohio_k12_help_logo-xparent1-300x85
Login
ohio_k12_help_logo-xparent1-300x85
Login
Login

Cyber Security News

CIS Security Advisories

CIS Security News

CISA News

ISACA SmartBrief

RSS Cyber Security Advisories – MS-ISAC
  • Oracle Quarterly Critical Patches Issued April 15, 2025 2025-04-18
    Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.
  • Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution 2025-04-18
    Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]
  • Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution 2025-04-08
    Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution.  FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-04-08
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences.Adobe Experience Manager (AEM) Forms is a solution within the AEM platform that allows businesses to create, manage, and deploy […]
  • A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution 2025-04-08
    A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new […]
  • Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Remote Code Execution 2025-04-08
    Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges […]
  • Critical Patches Issued for Microsoft Products, April 8, 2025 2025-04-08
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]
  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution 2025-04-03
    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Mozilla Thunderbird is an email client. Successful exploitation of the most severe […]
  • A Vulnerability in Ivanti Products Could Allow for Remote Code Execution 2025-04-03
    A Vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution.  Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access to corporate data and applications for remote and mobile users, offering features like single […]
  • Multiple Vulnerabilities in IBM AIX could allow for arbitrary code execution. 2025-04-03
    Multiple vulnerabilities have been discovered in IBM AIX, the most severe of which could allow for arbitrary code execution. IBM AIX is a secure and reliable Unix operating system designed for IBM's Power Systems. It supports modern applications and provides strong security features, making it ideal for mission-critical business environments. Successful exploitation of these vulnerabilities could […]
RSS Blog Feed – Center for Internet Security
RSS All CISA Advisories
  • Schneider Electric Trio Q Licensed Data Radio 2025-04-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Trio Q Licensed Data Radio Vulnerabilities: Insecure Storage of Sensitive Information, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access confidential information, compromise the integrity, or […]
    CISA
  • CISA Releases Six Industrial Control Systems Advisories 2025-04-17
    CISA released six Industrial Control Systems (ICS) advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-107-01 Schneider Electric Trio Q Licensed Data Radio ICSA-25-107-02 Schneider Electric Sage Series ICSA-25-107-03 Schneider Electric ConneXium Network Manager ICSA-25-107-04 Yokogawa Recorder Products ICSA-24-326-04 Schneider Electric Modicon M340, MC80, […]
    CISA
  • CISA Adds Three Known Exploited Vulnerabilities to Catalog 2025-04-17
    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-31200 Apple Multiple Products Memory Corruption Vulnerability CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability CVE-2025-24054 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to […]
    CISA
  • Yokogawa Recorder Products 2025-04-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate […]
    CISA
  • Schneider Electric ConneXium Network Manager 2025-04-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager Vulnerabilities: Files or Directories Accessible to External Parties, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data, escalate privileges, or perform remote code execution. 3. […]
    CISA
  • Schneider Electric Sage Series 2025-04-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Sage series Vulnerabilities: Out-of-bounds Write, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Default Permissions, Unchecked Return Value, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Read 2. RISK EVALUATION Successful […]
    CISA
  • CISA Adds One Known Exploited Vulnerability to Catalog 2025-04-16
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]
    CISA
  • CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise 2025-04-16
    CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, […]
    CISA
  • Lantronix Xport 2025-04-15
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Lantronix Equipment: Xport Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […]
    CISA
  • Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX 2025-04-15
    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack […]
    CISA
RSS ISACA SmartBrief on Cybersecurity
Ohio Department of Education & Workforce
MS-ISAC
CIS-Logo
Management Council Logo