Cyber & Coffee

Our news

  • Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics Products

    View CSAF Summary Successful exploitation of this vulnerability could result in denial-of-service (DoS), information tampering, and information disclosure. The following versions of Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics Products are affected: GENESIS64 (CVE-2025-11774) ICONICS Suite (CVE-2025-11774) MobileHMI (CVE-2025-11774) MC Works64 (CVE-2025-11774) CVSS Vendor Equipment Vulnerabilities v3 8.2 Mitsubishi Electric Iconics Digital Solutions, Mitsubishi

    READ MORE

  • Axis Communications Camera Station Pro, Camera Station, and Device Manager

    View CSAF Summary Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code, executing a man-in-middle style attack, or bypass authentication. The following versions of Axis Communications Camera Station Pro, Camera Station, and Device Manager are affected: AXIS Camera Station Pro (CVE-2025-30023, CVE-2025-30025, CVE-2025-30026) AXIS Camera Station (CVE-2025-30023, CVE-2025-30025, CVE-2025-30026) AXIS Device

    READ MORE

  • Rockwell Automation Micro820, Micro850, Micro870

    View CSAF Summary Successful exploitation of these vulnerabilities could result in a denial-of-service condition. The following versions of Rockwell Automation Micro820, Micro850, Micro870 are affected: Micro820 (CVE-2025-13823, CVE-2025-13824) CVSS Vendor Equipment Vulnerabilities v3 7.5 Rockwell Automation Rockwell Automation Micro820, Micro850, Micro870 Dependency on Vulnerable Third-Party Component, Release of Invalid Pointer or Reference Background Critical Infrastructure

    READ MORE

  • Schneider Electric EcoStruxure Foxboro DCS Advisor

    View CSAF Summary Schneider Electric is aware of a vulnerability disclosed by Microsoft in the Microsoft Windows Server Update Services (WSUS) used in the EcoStruxure™ Foxboro DCS Advisor services. The EcoStruxure™ Foxboro DCS Advisor, an optional component of the [EcoStruxure™ Foxboro DCS system](https://www.se.com/ww/en/work/products/industrial-automation-control/foxboro-dcs/), facilitates remote connectivity and diagnostics by continuously monitoring key performance indicators (KPI)

    READ MORE

  • Siemens Interniche IP-Stack

    View CSAF Summary Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of

    READ MORE

  • National Instruments LabView

    View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. The following versions of National Instruments LabView are affected: LabVIEW (CVE-2025-64461, CVE-2025-64462, CVE-2025-64463, CVE-2025-64464, CVE-2025-64465, CVE-2025-64466, CVE-2025-64467, CVE-2025-64468, CVE-2025-64469) LabVIEW (CVE-2025-64461, CVE-2025-64462, CVE-2025-64463, CVE-2025-64464, CVE-2025-64465, CVE-2025-64466, CVE-2025-64467, CVE-2025-64468, CVE-2025-64469) LabVIEW (CVE-2025-64461, CVE-2025-64462, CVE-2025-64463, CVE-2025-64464, CVE-2025-64465, CVE-2025-64466,

    READ MORE

  • Inductive Automation Ignition

    View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to be granted direct SYSTEM-level code execution on the host operating system running the Ignition Gateway service on Windows systems. The following versions of Inductive Automation Ignition are affected: Ignition (CVE-2025-13911) CVSS Vendor Equipment Vulnerabilities v3 6.4 Inductive Automation Inductive Automation Ignition Execution

    READ MORE

  • CISA Releases Nine Industrial Control Systems Advisories

    CISA released nine Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-352-01 Inductive Automation Ignition ICSA-25-352-02 Schneider Electric EcoStruxure Foxboro DCS Advisor ICSA-25-352-03 National Instruments LabView ICSA-25-352-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics Products ICSA-25-352-05 Siemens Interniche IP-Stack ICSA-25-352-06 Advantech WebAccess/SCADA ICSA-25-352-07

    READ MORE

  • CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

    Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and

    READ MORE

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-14733 WatchGuard Firebox Out-of-Bounds Write Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.    Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of

    READ MORE