Feed aggregator
CISA Releases Nine Industrial Control Systems Advisories
Aug 28, 2025
CISA released nine Industrial Control Systems (ICS) advisories on August 28, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-240-01 Mitsubishi Electric MELSEC iQ-F Series CPU Module ICSA-25-240-02 Mitsubishi Electric MELSEC iQ-F Series CPU Module ICSA-25-240-03 Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit ICSA-25-240-04 Delta Electronics CNCSoft-G2 ICSA-25-240-05 Delta Electronics COMMGR ICSA-25-240-06 GE Vernova CIMPLICITY ICSA-24-135-04 Mitsubishi Electric Multiple FA Engineering Software Products (Update D) ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update B) ICSA-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO series (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA and Partners Release Joint Advisory on Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage Systems
Aug 27, 2025
CISA, along with the National Security Agency, Federal Bureau of Investigation, and international partners, released a joint Cybersecurity Advisory on People’s Republic of China (PRC) state-sponsored Advanced Persistent Threat (APT) actors targeting critical infrastructure across sectors and continents to maintain persistent, long-term access to networks. This advisory builds on previous reporting and is based on real-world investigations conducted across multiple countries through July 2025. While the activity observed overlaps with industry reporting on the group known as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor, among others, the advisory refers to them generically as APT actors to focus on the behavior, not the alias. These APT actors are exploiting vulnerabilities in the large backbone routers of telecommunications providers—specifically provider edge and customer edge routers that often lack visibility and are difficult to monitor—to gain and maintain persistent access, particularly in telecommunications, government, transportation, lodging, and defense networks. They often modify router firmware and configurations to evade detection and establish long-term footholds. CISA and authoring partners strongly urge network defenders, particularly those in high-risk sectors, to hunt for malicious activity and implement the mitigations outlined in this advisory. For more detailed information, review the full advisory and CISA’s People’s Republic of China Cyber Threat Overview and Advisories web page.
CISA Adds One Known Exploited Vulnerability to Catalog
Aug 26, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Three Industrial Control Systems Advisories
Aug 26, 2025
CISA released three Industrial Control Systems (ICS) advisories on August 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-238-01 INVT VT-Designer and HMITool ICSA-25-238-03 Schneider Electric Modicon M340 Controller and Communication Modules ICSA-25-140-03 Danfoss AK-SM 8xxA Series (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Aug 25, 2025
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068 Citrix Session Recording Improper Privilege Management Vulnerability CVE-2025-48384 Git Link Following Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Requests Public Comment for Updated Guidance on Software Bill of Materials
Aug 22, 2025
CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum Elements to reflect advancements in tooling and implementation. An SBOM serves as a vital inventory of software components, enabling organizations to identify vulnerabilities, manage dependencies, and mitigate risks. The update refines data fields, automation support, and operational practices to ensure SBOMs are scalable, interoperable, and comprehensive. Stakeholders are encouraged to provide feedback via the Federal Register during the public comment period. This feedback will contribute to refining SBOM practices, enabling CISA to release an updated version of the minimum elements.
CISA Adds One Known Exploited Vulnerability to Catalog
Aug 21, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Three Industrial Control Systems Advisories
Aug 21, 2025
CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module ICSA-25-177-01 Mitsubishi Electric Air Conditioning Systems (Update A) ICSMA-25-233-01 FUJIFILM Healthcare Americas Synapse Mobility CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases Four Industrial Control Systems Advisories
Aug 19, 2025
CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-231-01 Siemens Desigo CC Product Family and SENTRON Powermanager ICSA-25-231-02 Siemens Mendix SAML Module ICSA-25-217-02 Tigo Energy Cloud Connect Advanced (Update A) ICSA-25-219-07 EG4 Electronics EG4 Inverters (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Aug 18, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54948 Trend Micro Apex One OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Thirty-Two Industrial Control Systems Advisories
Aug 14, 2025
CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager ICSA-25-226-02 Siemens COMOS ICSA-25-226-03 Siemens Engineering Platforms ICSA-25-226-04 Siemens Simcenter Femap ICSA-25-226-05 Siemens Wibu CodeMeter Runtime ICSA-25-226-06 Siemens Opcenter Quality ICSA-25-226-07 Siemens Third-Party Components in SINEC OS ICSA-25-226-08 Siemens RUGGEDCOM CROSSBOW Station Access Controller ICSA-25-226-09 Siemens RUGGEDCOM APE1808 ICSA-25-226-10 Siemens SIPROTEC 5 ICSA-25-226-11 Siemens SIMATIC S7-PLCSIM ICSA-25-226-12 Siemens SIPROTEC 4 and SIPROTEC 4 Compact ICSA-25-226-13 Siemens SIMATIC RTLS Locating Manager ICSA-25-226-14 Siemens RUGGEDCOM ROX II ICSA-25-226-15 Siemens SINEC OS ICSA-25-226-16 Siemens SICAM Q100/Q200 ICSA-25-226-17 Siemens SINEC Traffic Analyzer ICSA-25-226-18 Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER ICSA-25-226-19 Siemens SINUMERIK ICSA-25-226-20 Siemens RUGGEDCOM ROX II ICSA-25-226-21 Siemens BFCClient ICSA-25-226-22 Siemens Web Installer ICSA-25-226-23 Rockwell Automation FactoryTalk Viewpoint ICSA-25-226-24 Rockwell FactoryTalk Linx ICSA-25-226-25 Rockwell Automation Micro800 ICSA-25-226-26 Rockwell Automation FLEX 5000 I/O ICSA-25-226-27 Rockwell Automation ArmorBlock 5000 I/O – Webserver ICSA-25-226-28 Rockwell Automation ControlLogix Ethernet Modules ICSA-25-226-29 Rockwell Automation Studio 5000 Logix Designer ICSA-25-226-30 Rockwell Automation FactoryTalk Action Manager ICSA-25-226-31 Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4T ICSA-25-212-01 Güralp Systems FMUS Series and MIN Series Devices (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Aug 13, 2025
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876 N-able N-central Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators
Aug 13, 2025
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies. An asset inventory is a regularly updated, structured list of an organization's systems, hardware, and software. It includes a categorization system—a taxonomy—that classifies assets based on their importance and function. This guidance explains how OT owners and operators can create, maintain, and use asset inventories and taxonomies to identify and safeguard their critical assets. Following this guidance, organizations may gain deeper insights into their architecture, optimize their defenses, better assess and reduce cybersecurity risk in their environments, and enhance incident response planning to ensure service continuity.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Aug 12, 2025
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2013-3893 Microsoft Internet Explorer Resource Management Errors Vulnerability CVE-2007-0671 Microsoft Office Excel Remote Code Execution Vulnerability CVE-2025-8088 RARLAB WinRAR Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Seven Industrial Control Systems Advisories
Aug 12, 2025
CISA released seven Industrial Control Systems (ICS) advisories on August 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-224-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-224-02 Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 ICSA-25-224-03 Schneider Electric EcoStruxure Power Monitoring Expert ICSA-25-224-04 AVEVA PI Integrator ICSA-24-263-04 MegaSys Computer Technologies Telenium Online Web Application (Update A) ICSA-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol (Update A) ICSMA-25-224-01 Santesoft Sante PACS Server CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability
Aug 7, 2025
Today, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments. ED 25-02 directs all Federal Civilian Executive Branch (FCEB) agencies with Microsoft Exchange hybrid environments to implement required mitigations by 9:00 AM EDT on Monday, August 11, 2025. This vulnerability presents significant risk to all organizations operating Microsoft Exchange hybrid-joined configurations that have not yet implemented the April 2025 patch guidance. Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address this vulnerability. For additional details, see CISA’s Alert: Microsoft Releases Guidance on Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments.
CISA Releases Ten Industrial Control Systems Advisories
Aug 7, 2025
CISA released ten Industrial Control Systems (ICS) advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90 ICSA-25-219-03 Burk Technology ARC Solo ICSA-25-219-04 Rockwell Automation Arena ICSA-25-219-05 Packet Power EMX and EG ICSA-25-219-06 Dreame Technology iOS and Android Mobile Applications ICSA-25-219-07 EG4 Electronics EG4 Inverters ICSA-25-219-08 Yealink IP Phones and RPS (Redirect and Provisioning Service) ICSA-25-148-04 Instantel Micromate (Update A) ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
Aug 6, 2025
Note: This Alert may be updated to reflect new guidance issued by CISA or other parties. CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization’s Exchange Online service. While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise. If using Exchange hybrid, review Microsoft’s guidance Exchange Server Security Changes for Hybrid Deployments to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU). Install Microsoft’s April 2025 Exchange Server Hotfix Updates on the on-premise Exchange server and follow Microsoft’s configuration instructions Deploy dedicated Exchange hybrid app. For organizations using Exchange hybrid (or have previously configured Exchange hybrid but no longer use it), review Microsoft's Service Principal Clean-Up Mode for guidance on resetting the service principal’s keyCredentials. Upon completion, run the Microsoft Exchange Health Checker to determine if further steps are required. CISA highly recommends entities disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet. For example, SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use. Organizations should review Microsoft’s blog Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions for additional guidance as it becomes available. Disclaimer: The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities
Aug 6, 2025
CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704 [CWE-94: Code Injection], CVE-2025-49706 [CWE-287: Improper Authentication], CVE-2025-53770 [CWE-502: Deserialization of Untrusted Data], and CVE-2025-53771 [CWE-287: Improper Authentication] Cyber threat actors have chained CVE-2025-49704 and CVE-2025-49706 (in an exploit chain publicly known as “ToolShell”) to gain unauthorized access to on-premises SharePoint servers. CISA analyzed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data. CISA added CVE-2025-49704 and CVE-2025-49706 to its Known Exploited Vulnerabilities Catalog on July 22, 2025, and CVE-2025-53770 on July 20, 2025. CISA encourages organizations to use the indicators of compromise (IOCs) and detection signatures in this MAR to identify malware. Downloadable copy of IOCs associated with this malware: MAR-251132.c1.v1.CLEAR_stix2 (JSON, 84.95 KB ) Downloadable copies of the SIGMA rule associated with this malware: CMA SIGMA 251132 1 (YAML, 4.22 KB ) CMA SIGMA 251132 2 (YAML, 2.86 KB ) CMA SIGMA 251132 (YAML, 5.55 KB ) For more information on the malware files and YARA rules for detection, see MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities. Disclaimer: The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
CISA Releases Two Industrial Control Systems Advisories
Aug 5, 2025
CISA released two Industrial Control Systems (ICS) advisories on August 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-217-01 Mitsubishi Electric Iconics Digital Solutions Multiple Products ICSA-25-217-02 Tigo Energy Cloud Connect Advanced CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.