Vulnerability in FortiWebCould Allow for Remote Code Execution
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered FortiWeb, which could allow for remote code execution. FortiWeb is a web application firewall (WAF) developed by Fortinet. It’s designed to protect web applications …
Continue reading Vulnerability in FortiWebCould Allow for Remote Code ExecutionMon, 17 Nov 2025 13:48:20 +0000
Comment Period Extended! Updating Foundational Activities for IoT Product Manufacturers
Comment Period Extended! Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers The comment period for Draft NIST IR 8259 Rev. 1, Second Draft, Foundational Cybersecurity Activities for IoT Product Manufacturers, has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational …
Continue reading Comment Period Extended! Updating Foundational Activities for IoT Product ManufacturersMon, 17 Nov 2025 13:47:03 +0000
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. …
Continue reading Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH: NOWTue, 11 Nov 2025 15:29:13 +0000
Recap: 2025 NY Metro Joint Cyber Security Conference
YOUTUBE | ARCHIVE | PERMALINK Date: October 30,2025 Venue: BMCC, NYCWebcast: ISOC.LIVE Section 1 – Opening & Keynote 01 – Opening Remarks Speaker: Steven Nuñez (BMCC) 02 – Keynote: Overcoming Fear and Failure Speaker: Richard Greenberg Section 2 – Threats, Defense & Hybrid Security 03 – Threat Informed Defense (TID) Speaker: Doug José Santos (Fortinet) 04 …
Continue reading Recap: 2025 NY Metro Joint Cyber Security ConferenceFri, 07 Nov 2025 14:51:35 +0000
Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution – PATCH NOW
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of …
Continue reading Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution – PATCH NOWFri, 07 Nov 2025 14:49:28 +0000
APT44 Threat Analysis Report
APT44, also known as Sandworm, FROZENBARENTS, Seashell Blizzard, and Voodoo Bear, is a Russian state-sponsored cyber group attributed to GRU Unit 74455. APT44 has significantly evolved its operations in recent years, expanding from traditional cyber espionage into a full-spectrum capability encompassing sabotage, psychological operations, and battlefield support. Its campaigns have targeted Ukraine and NATO countries, …
Continue reading APT44 Threat Analysis ReportThu, 06 Nov 2025 20:35:34 +0000
The “Smishing Triad” Campaign
Have you received a text message regarding an unpaid toll or package misdelivery lately? You are not the only one. Researchers discovered a SMiShing (SMS text phishing) campaign attributed to the “Smishing Triad” that has been circulating since April 2024. A China-based threat actor has been impersonating a variety of international services within critical infrastructure, including …
Continue reading The “Smishing Triad” CampaignThu, 06 Nov 2025 20:33:15 +0000
Document Review Detours to Legitimate Jotform Platform Jotform is used to create online forms and apps to collect data, process payments, and automate workflows without coding. It is a versatile tool for businesses and individuals in legitimate use cases. However, Jotform can also create opportunities for threat actors to exploit it for malicious purposes, such …
Continue reading Thu, 06 Nov 2025 20:32:27 +0000
Vulnerability in Microsoft Windows Server Update Services
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute …
Continue reading Vulnerability in Microsoft Windows Server Update ServicesSat, 25 Oct 2025 16:52:45 +0000
Oracle Quarterly Critical Patches
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Threat Intelligence Watchtowr reports CVE-2025-61882 and CVE-2025-61884 were exploited in the recent wave of Cl0p data theft attacks and subsequent extortion campaign. Systems Affected Risk Government:– Large and medium government entities: High– Small government entities: High …
Continue reading Oracle Quarterly Critical PatchesThu, 23 Oct 2025 19:53:07 +0000