Yearly Archives: 2025

Current Activity

CISA and Partners Release Advisory on Ghost (Cring) Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network…

Comments Off on CISA and Partners Release Advisory on Ghost (Cring) Ransomware
February 20, 2025
Alerts

#StopRansomware: Ghost (Cring) Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware…

Comments Off on #StopRansomware: Ghost (Cring) Ransomware
February 19, 2025
Bulletins

Vulnerability Summary for the Week of February 10, 2025

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info ABB--System 800xA  A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is…

Comments Off on Vulnerability Summary for the Week of February 10, 2025
February 18, 2025
Bulletins

Vulnerability Summary for the Week of February 3, 2025

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info .TUBE gTLD--.TUBE Video Curator  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in .TUBE gTLD .TUBE…

Comments Off on Vulnerability Summary for the Week of February 3, 2025
February 10, 2025
Current Activity

CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things…

Comments Off on CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices
February 5, 2025
Bulletins

Vulnerability Summary for the Week of January 27, 2025

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info 0xPolygonZero--plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not…

Comments Off on Vulnerability Summary for the Week of January 27, 2025
February 3, 2025
Bulletins

Vulnerability Summary for the Week of January 20, 2025

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info aEnrich Technology--a+HRD  The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary…

Comments Off on Vulnerability Summary for the Week of January 20, 2025
January 28, 2025
Alerts

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE -2025-0282 and CVE-2025-0283,…

Comments Off on Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
January 23, 2025
Bulletins

Vulnerability Summary for the Week of January 13, 2025

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info 1000 Projects--Campaign Management System Platform for Women  A vulnerability was found in 1000 Projects Campaign Management System Platform for…

Comments Off on Vulnerability Summary for the Week of January 13, 2025
January 21, 2025