Cyber & Coffee

Our news

  • Eviction Strategies Tool Released

    Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes: Cyber Eviction Strategies Playbook Next Generation (Playbook-NG): A web-based application for next-generation operations. COUN7ER: A database of atomic post-compromise countermeasures users can execute based on adversary tactics,

    READ MORE

  • Delta Electronics DTN Soft

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTN Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta

    READ MORE

  • Samsung HVAC DMS

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely Vendor: Samsung Equipment: HVAC DMS Vulnerabilities: Execution After Redirect (EAR), Deserialization of Untrusted Data, Absolute Path Traversal, Use of Potentially Dangerous Function, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Relative Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities

    READ MORE

  • National Instruments LabVIEW

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid

    READ MORE

  • CISA Releases Five Industrial Control Systems Advisories

    CISA released five Industrial Control Systems (ICS) advisories on July 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-158-04 Johnson Controls Software House iStar Pro Door Controller (Update A) ICSA-24-338-06 Fuji Electric Tellus Lite V-Simulator (Update A) ICSA-25-210-01 National Instruments LabVIEW ICSA-25-210-02 Samsung HVAC DMS ICSA-25-210-03 Delta

    READ MORE

  • CISA Releases Part One of Zero Trust Microsegmentation Guidance

    CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its ongoing efforts to support Federal Civilian Executive Branch (FCEB) agencies implementing zero trust architectures (ZTAs).  This guidance provides a high-level overview of microsegmentation, focusing on its key concepts, associated challenges and potential benefits, and includes recommended actions to modernize network

    READ MORE

  • CISA and Partners Release Updated Advisory on Scattered Spider Group

    CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an updated joint Cybersecurity Advisory on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. This advisory provides

    READ MORE

  • CISA Adds Three Known Exploited Vulnerabilities to Catalog

    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability CVE-2025-20337 Cisco Identity Services Engine Injection Vulnerability CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant

    READ MORE

  • LG Innotek Camera Model LNV5110R

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely Vendor: LG Innotek Equipment: Camera Model LNV5110R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following model

    READ MORE

  • Medtronic MyCareLink Patient Monitor

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: MyCareLink Patient Monitor 24950, 24952 Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation

    READ MORE