Aggregator
CVE-2025-52543 | Copeland LP E3 Supervisory Control up to 2.31F00 password hash instead of password for authentication
Akira
CVE-2025-52548 | Copeland LP E3 Supervisory Control up to 2.31F00 Application Service inclusion of undocumented features or chicken bits
CVE-2024-58259 | SUSE rancher up to 2.9.10/2.10.8/2.11.4/2.12.0 API Endpoint allocation of resources (EUVD-2024-54940)
CVE-2025-46810 | openSUSE Tumbleweed up to 2.11.28 symlink (EUVD-2025-26380)
CVE-2025-52549 | Copeland LP E3 Supervisory Control up to 2.31F00 insufficiently protected credentials
CVE-2025-5662 | h2oai h2o-3 3.46.0.4 MySQL JDBC Driver /99/ImportSQLTable deserialization
CVE-2025-56254 | PHPGurukul Employee Leave Management System 2.1 leave-details.php leaveid resource injection (EUVD-2025-26376)
7 months of creation, 15 years of dictatorship: one person controls the code of millions of programmers
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-245-01 Delta Electronics EIP Builder
- ICSA-25-245-02 Fuji Electric FRENIC-Loader 4
- ICSA-25-245-03 SunPower PVS6
- ICSA-25-182-06 Hitachi Energy Relion 670/650 and SAM600-IO Series (Update A)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2020-24363 TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability
- CVE-2025-55177 Meta Platforms WhatsApp Incorrect Authorization Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Some Air Cleaners Release Harmful By-Products. Now We Have a Way to Measure Them.
Palo Alto Networks data breach exposes customer info, support cases
Leaked ChatGPT Chats: Users Treat AI as Therapist, Lawyer, Confidant
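Feiniu fnOS NVIDIA Tesla P4 vGPU Driver Tutorial
My daily work isn't very difficult, but it is extremely fragmented and leaves me no time at all to think for myself, so my blog hasn't been updated in a long time. How much longer will these days go on? Will I ever actually be able to become a rapper?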
Mapping the Web of Commercial Spyware: Targets and Attack Chains
A comprehensive new report spanning 2010 to 2025 reveals the ever-evolving landscape of commercial spyware vendors (CSVs), exposing the methods these private firms employ to infiltrate devices, their typical targets, and the infection chains that deliver their covert implants. The study, produced by a leading cybersecurity intelligence firm, underscores the persistent threat posed by CSVs—from […]
The post Mapping the Web of Commercial Spyware: Targets and Attack Chains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.