View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: iCam365 Equipment: P201 and QC021 Vulnerabilities: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following iCam365 camera Read more

Post Content Read more

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-13223 Google Chromium V8 Type Confusion Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.    Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk Read more

Post Content Read more

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help Internet Service Providers (ISPs) and network defenders mitigate cybercriminal activity enabled by Read more

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-58034 Fortinet FortiWeb OS Command Code Injection Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.   With recent and ongoing exploitation events Fortinet Releases Read more

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality and integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 3EM Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 3EM, a smart DIN rail switch, is affected: Pro 3EM: Read more

CISA released six Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-322-01 Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio ICSA-25-322-02 Shelly Pro 4PM ICSA-25-322-03 Shelly Pro 3EM ICSA-25-322-04 Schneider Electric PowerChute Serial Shutdown ICSA-25-322-05 METZ CONNECT EWIO2 ICSA-25-224-03 Schneider Electric Read more