Our news
-
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2018-14634 Linux Kernel Integer Overflow Vulnerability
CVE-2025-52691 SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
CVE-2026-23760 SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
-
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2024-37079 Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the
-
Product Categories for Technologies That Use Post-Quantum Cryptography Standards
Executive Summary: In response to the June 6, 2025, Executive Order (EO) 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” the Cybersecurity and Infrastructure Security Agency (CISA) is providing and regularly updating the below lists to aid in post-quantum cryptography (PQC) adoption. The lists include
-
Schneider Electric EcoStruxure Process Expert
Summary: Schneider Electric is aware of a vulnerability in its EcoStruxure™ Process and EcoStruxure™ Process Expert for AVEVA System Platform products. The EcoStruxure™ Process is a single automation system to engineer, operate, and maintain your entire infrastructure for a sustainable, productive and market-agile plant. The EcoStruxure™ Process Expert for AVEVA System Platform product
-
AutomationDirect CLICK Programmable Logic Controller
Summary: Successful exploitation of these vulnerabilities could allow an attacker to impersonate users, escalate privileges, gain unauthorized access to systems and services, and decrypt sensitive data.
The following versions of AutomationDirect CLICK Programmable Logic Controller are affected:
CLICK Programmable Logic Controller (CVE-2025-67652, CVE-2025-25051)
CLICK Programmable Logic Controller
-
Hubitat Elevation Hubs
Summary: Successful exploitation of this vulnerability could allow an authenticated attacker to escalate their privileges and control devices outside of their authorized scope.
The following versions of Hubitat Elevation Hubs are affected:
Elevation C3 (CVE-2026-1201)
Elevation C4 (CVE-2026-1201)
Elevation C5 (CVE-2026-1201)
Elevation C7 (CVE-2026-1201)
Elevation C8 (CVE-2026-1201)
Elevation C8 pro (CVE-2026-1201)
CVSS Vendor
-
Delta Electronics DIAView
Summary: Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code.
The following versions of Delta Electronics DIAView are affected:
DIAView (CVE-2026-0975)
CVSS: v3 7.8
Vendor: Delta Electronics
Equipment: Delta Electronics DIAView
Vulnerabilities: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
Background
Critical Infrastructure Sectors: Chemical, Commercial
-
Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool
Summary: Successful exploitation of this vulnerability could allow an attacker to cause a failure within the operating system of the machine hosting the ICU tool.
The following versions of Johnson Controls Inc. iSTAR Configuration Utility (ICU) tool are affected:
iSTAR Configuration Utility (ICU) tool (CVE-2025-26386)
CVSS Vendor Equipment Vulnerabilities v3 7.1 Johnson Controls
-
Weintek cMT X Series HMI EasyWeb Service
Summary: Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control of the device.
The following versions of Weintek cMT X Series HMI EasyWeb Service are affected:
cMT3072XH (CVE-2025-14750, CVE-2025-14751)
cMT3072XH(T) (CVE-2025-14750, CVE-2025-14751)
cMT-SVRX-820 (CVE-2025-14750, CVE-2025-14751)
cMT-CTRL01 (CVE-2025-14750, CVE-2025-14751)
CVSS Vendor Equipment Vulnerabilities v3 8.3 Weintek
-
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-31125 Vite Vitejs Improper Access Control Vulnerability
CVE-2025-34026 Versa Concerto Improper Authentication Vulnerability
CVE-2025-54313 Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
CVE-2025-68645 Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
These types of vulnerabilities are