Aggregator

CISA released ten Industrial Control Systems (ICS) advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-219-01 Delta Electronics DIAView
• ICSA-25-219-02 Johnson Controls FX80 and FX90
• ICSA-25-219-03 Burk Technology ARC Solo
• ICSA-25-219-04 Rockwell Automation Arena
• ICSA-25-219-05 Packet Power EMX and EG
• ICSA-25-219-06 Dreame Technology iOS and Android Mobile Applications
• ICSA-25-219-07 EG4 Electronics EG4 Inverters
• ICSA-25-219-08 Yealink IP Phones and RPS (Redirect and Provisioning Service)
   
• ICSA-25-148-04 Instantel Micromate (Update A)
• ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Today, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments.  

ED 25-02 directs all Federal Civilian Executive Branch (FCEB) agencies with Microsoft Exchange hybrid environments to implement required mitigations by 9:00 AM EDT on Monday, August 11, 2025. 

This vulnerability presents significant risk to all organizations operating Microsoft Exchange hybrid-joined configurations that have not yet implemented the April 2025 patch guidance.

Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address this vulnerability. For additional details, see CISA’s Alert: Microsoft Releases Guidance on Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments.

Software license non-compliance can carry steep penalties, and breaking service level agreements (SLAs) can also be costly.

The post Software License Non-Compliance Is Expensive appeared first on Azul | Better Java Performance, Superior Java Support.

The post Software License Non-Compliance Is Expensive appeared first on Security Boulevard.

Sophisticated attack vectors unveiled that exploit hybrid Active Directory and Microsoft Entra ID environments, demonstrating how attackers can achieve complete tenant compromise through previously unknown lateral movement techniques. These methods, presented at Black Hat USA 2025, expose critical vulnerabilities in Microsoft’s authentication infrastructure that allow unauthorized access to Exchange Online, SharePoint, and Entra ID without […]

The post New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data appeared first on Cyber Security News.

LAS VEGAS — A decade ago, the rise of public cloud brought with it a familiar pattern: runaway innovation on one side, and on the other, a scramble to retrofit security practices not built for the new terrain.

Related: GenAI … (more…)

The post MY TAKE: The GenAI security crisis few can see — but these startups are mapping the gaps first appeared on The Last Watchdog.

The post MY TAKE: The GenAI security crisis few can see — but these startups are mapping the gaps appeared first on Security Boulevard.

Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in our public advisory.” What happened? Since July 15, 2025, researchers have observed a notable surge in ransomware activity targeting SonicWall firewalls, specifically via their SSL VPN functionality, and posited that the attackers … More →

The post SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls appeared first on Help Net Security.

You must login to view this content