Flux RSS

View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of CTEK Chargeportal are affected: Chargeportal vers:all/* CVSS Vendor Equipment Vulnerabilities v3 9.4 CTEK CTEK Chargeportal Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials Background Critical Infrastructure Sectors: Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: Sweden Vulnerabilities Expand All + CVE-2026-25192 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend. View CVE Details Affected Products CTEK Chargeportal Vendor: CTEK Product Version: CTEK Chargeportal: vers:all/* Product Status: known_affected Remediations Mitigation CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information https://www.ctek.com/support. https://www.ctek.com/support Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2026-31904 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access. View CVE Details Affected Products CTEK Chargeportal Vendor: CTEK Product Version: CTEK Chargeportal: vers:all/* Product Status: known_affected Remediations Mitigation CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information https://www.ctek.com/support. https://www.ctek.com/support Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-27649 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests. View CVE Details Affected Products CTEK Chargeportal Vendor: CTEK Product Version: CTEK Chargeportal: vers:all/* Product Status: known_affected Remediations Mitigation CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information https://www.ctek.com/support. https://www.ctek.com/support Relevant CWE: CWE-613 Insufficient Session Expiration Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-28204 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. View CVE Details Affected Products CTEK Chargeportal Vendor: CTEK Product Version: CTEK Chargeportal: vers:all/* Product Status: known_affected Remediations Mitigation CTEK will be sunsetting this product in April 2026. Please contact CTEK for more information https://www.ctek.com/support. https://www.ctek.com/support Relevant CWE: CWE-522 Insufficiently Protected Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Acknowledgments Khaled Sarieddine, Mohammad Ali Sayed reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-19 Date Revision Summary 2026-03-19 1 Initial Publication Legal Notice and Terms of Use

View CSAF Summary Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of IGL-Technologies eParking.fi are affected: eParking.fi vers:all/* CVSS Vendor Equipment Vulnerabilities v3 9.4 IGL-Technologies IGL-Technologies eParking.fi Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials Background Critical Infrastructure Sectors: Energy, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: Finland Vulnerabilities Expand All + CVE-2026-29796 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend. View CVE Details Affected Products IGL-Technologies eParking.fi Vendor: IGL-Technologies Product Version: IGL-Technologies eParking.fi: vers:all/* Product Status: known_affected Remediations Mitigation IGL-Technologies has updated eParking's OCPP servers to reduce the risks posed by the vulnerability. These updates implemented the following security controls: 1) Enforce modern security profiles and stronger authentication. 2) Device‑level whitelisting was implemented to ensure that only authorized charging units can connect. 3) Rate‑limiting controls prevent excessive requests and reduces DoS risk. 4) Enhanced automated monitoring and alerting to detection abnormal network activity. Devices using the encrypted deployment of eParking's OCPP servers or IGL-Technologies proprietary eTolppa protocol are not impacted by these vulnerabilities. Mitigation To prevent this in the future IGL-Technologies will continue vulnerability monitoring under their ISO 27001:2022 security program and tighten security requirements for future third‑party OCPP hardware approvals. Mitigation For more information please contact the IGL-Technologies security team at this email address: security@igl.fi. mailto:security@igl.fi Relevant CWE: CWE-306 Missing Authentication for Critical Function Metrics CVSS Version Base Score Base Severity Vector String 3.1 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2026-31903 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access. View CVE Details Affected Products IGL-Technologies eParking.fi Vendor: IGL-Technologies Product Version: IGL-Technologies eParking.fi: vers:all/* Product Status: known_affected Remediations Mitigation IGL-Technologies has updated eParking's OCPP servers to reduce the risks posed by the vulnerability. These updates implemented the following security controls: 1) Enforce modern security profiles and stronger authentication. 2) Device‑level whitelisting was implemented to ensure that only authorized charging units can connect. 3) Rate‑limiting controls prevent excessive requests and reduces DoS risk. 4) Enhanced automated monitoring and alerting to detection abnormal network activity. Mitigation Devices using the encrypted deployment of eParking's OCPP servers or IGL-Technologies proprietary eTolppa protocol are not impacted by these vulnerabilities. Mitigation To prevent this in the future IGL-Technologies will continue vulnerability monitoring under their ISO 27001:2022 security program and tighten security requirements for future third‑party OCPP hardware approvals. Mitigation For more information please contact the IGL-Technologies security team at this email address: security@igl.fi. mailto:security@igl.fi Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-32663 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests. View CVE Details Affected Products IGL-Technologies eParking.fi Vendor: IGL-Technologies Product Version: IGL-Technologies eParking.fi: vers:all/* Product Status: known_affected Remediations Mitigation IGL-Technologies has updated eParking's OCPP servers to reduce the risks posed by the vulnerability. These updates implemented the following security controls: 1) Enforce modern security profiles and stronger authentication. 2) Device‑level whitelisting was implemented to ensure that only authorized charging units can connect. 3) Rate‑limiting controls prevent excessive requests and reduces DoS risk. 4) Enhanced automated monitoring and alerting to detection abnormal network activity. Mitigation Devices using the encrypted deployment of eParking's OCPP servers or IGL-Technologies proprietary eTolppa protocol are not impacted by these vulnerabilities. Mitigation To prevent this in the future IGL-Technologies will continue vulnerability monitoring under their ISO 27001:2022 security program and tighten security requirements for future third‑party OCPP hardware approvals. Mitigation For more information please contact the IGL-Technologies security team at this email address: security@igl.fi. mailto:security@igl.fi Relevant CWE: CWE-613 Insufficient Session Expiration Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-31926 Charging station authentication identifiers are publicly accessible via web-based mapping platforms. View CVE Details Affected Products IGL-Technologies eParking.fi Vendor: IGL-Technologies Product Version: IGL-Technologies eParking.fi: vers:all/* Product Status: known_affected Remediations Mitigation IGL-Technologies has updated eParking's OCPP servers to reduce the risks posed by the vulnerability. These updates implemented the following security controls: 1) Enforce modern security profiles and stronger authentication. 2) Device‑level whitelisting was implemented to ensure that only authorized charging units can connect. 3) Rate‑limiting controls prevent excessive requests and reduces DoS risk. 4) Enhanced automated monitoring and alerting to detection abnormal network activity. Mitigation Devices using the encrypted deployment of eParking's OCPP servers or IGL-Technologies proprietary eTolppa protocol are not impacted by these vulnerabilities. Mitigation To prevent this in the future IGL-Technologies will continue vulnerability monitoring under their ISO 27001:2022 security program and tighten security requirements for future third‑party OCPP hardware approvals. Mitigation For more information please contact the IGL-Technologies security team at this email address: security@igl.fi. mailto:security@igl.fi Relevant CWE: CWE-522 Insufficiently Protected Credentials Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Acknowledgments Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-03-19 Date Revision Summary 2026-03-19 1 Initial Publication Legal Notice and Terms of Use

View CSAF Summary Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products. The following versions of Mitsubishi Electric CNC Series are affected: M800VW (BND-2051W000) <=BB M800VS (BND-2052W000) <=BB M80V (BND-2053W000) <=BB M80VW (BND-2054W000) <=BB M800W (BND-2005W000) <=FM M800S (BND-2006W000) <=FM M80 (BND-2007W000) <=FM M80W (BND-2008W000) <=FM E80 (BND-2009W000) <=FM C80 (BND-2036W000) vers:all/* M750VW (BND-1015W002) vers:all/* M730VW (BND-1015W000) vers:all/* M720VW (BND-1015W000) vers:all/* M750VS (BND-1012W002) vers:all/* M730VS (BND-1012W000-**) vers:all/* M720VS (BND-1012W000) vers:all/* M70V (BND-1018W000) vers:all/* E70 (BND-1022W000) vers:all/* NC Trainer2 (BND-1802W000) vers:all/* NC Trainer2 plus (BND-1803W000) vers:all/* CVSS Vendor Equipment Vulnerabilities v3 5.9 Mitsubishi Electric Mitsubishi Electric CNC Series Improper Validation of Specified Index, Position, or Offset in Input Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2025-2399 Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) vulnerability in the affected products allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products by sending specially crafted packets to TCP port 683. View CVE Details Affected Products Mitsubishi Electric CNC Series Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric M800VW (BND-2051W000): <=BB, Mitsubishi Electric M800VS (BND-2052W000): <=BB, Mitsubishi Electric M80V (BND-2053W000): <=BB, Mitsubishi Electric M80VW (BND-2054W000): <=BB, Mitsubishi Electric M800W (BND-2005W000): <=FM, Mitsubishi Electric M800S (BND-2006W000): <=FM, Mitsubishi Electric M80 (BND-2007W000): <=FM, Mitsubishi Electric M80W (BND-2008W000): <=FM, Mitsubishi Electric E80 (BND-2009W000): <=FM, Mitsubishi Electric C80 (BND-2036W000): vers:all/*, Mitsubishi Electric M750VW (BND-1015W002): vers:all/*, Mitsubishi Electric M730VW (BND-1015W000): vers:all/*, Mitsubishi Electric M720VW (BND-1015W000): vers:all/*, Mitsubishi Electric M750VS (BND-1012W002): vers:all/*, Mitsubishi Electric M730VS (BND-1012W000): vers:all/*, Mitsubishi Electric M720VS (BND-1012W000): vers:all/*, Mitsubishi Electric M70V (BND-1018W000): vers:all/*, Mitsubishi Electric E70 (BND-1022W000): vers:all/*, Mitsubishi Electric NC Trainer2 (BND-1802W000): vers:all/*, Mitsubishi Electric NC Trainer2 plus (BND-1803W000): vers:all/* Product Status: known_affected Remediations Vendor fix Please apply the fixed version (BC or later) for Mitsubishi Electric M800VW(BND-2051W000), M800VS(BND-2052W000), M80V(BND-2053W000), and M80VW(BND-2054W000). For instructions on how to apply it, please consult your Mitsubishi Electric representative. Vendor fix Please apply the fixed version (FN or later) for Mitsubishi Electric M800W(BND-2005W000), M800S(BND-2006W000), M80(BND-2007W000), M80W(BND-2008W000), and E80(BND-2009W000). For instructions on how to apply it, please consult your Mitsubishi Electric representative. Mitigation For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using a firewall or virtual private network (VPN) to prevent unauthorized access, when internet access is required, to minimize the risk of exploiting this vulnerability. Mitigation For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using the product within a LAN and blocking access from untrusted networks and hosts through a firewall, to minimize the risk of exploiting this vulnerability. Mitigation For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using IP filters to prevent unauthorized access, when internet access is required, to minimize the risk of exploiting this vulnerability. IP filter function is available for M800V/M80V Series and M800/M80/E80 Series. For details about the IP filter function, refer to the following manual for each product: M800V/M80V Series Instruction Manual "16. Appendix 3 IP Address Filter Setting Function", M800/M80/E80 Series Instruction Manual "15. Appendix 2 IP Address Filter Setting Function" Mitigation For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the affected product and to all computers and network devices to which the products are connected, to minimize the risk of exploiting this vulnerability. Mitigation For customers of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on PCs that can access the affected product, to minimize the risk of exploiting this vulnerability. Mitigation For more information, see Mitsubishi Electric 2025-022. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-022_en.pdf https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-022_en.pdf Relevant CWE: CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Acknowledgments Mitsubishi Electric reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. Advisory Conversion Disclaimer This ICSA is a verbatim republication of CISA V20250121-001#02 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact CISA directly for any questions regarding this advisory. Revision History Initial Release Date: 2026-03-19 Date Revision Summary 2026-03-19 1 Initial CISA Republication of Mitsubishi Electric security advisory 2025-022 Legal Notice and Terms of Use

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. The following versions of Automated Logic WebCTRL Premium Server are affected: WebCTRL Premium Server CVSS Vendor Equipment Vulnerabilities v3 9.1 Automated Logic Automated Logic WebCTRL Premium Server Multiple Binds to the Same Port, Authentication Bypass by Spoofing, Cleartext Transmission of Sensitive Information Background Critical Infrastructure Sectors: Commercial Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-25086 Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software. View CVE Details Affected Products Automated Logic WebCTRL Premium Server Vendor: Automated Logic Product Version: Automated Logic WebCTRL Premium Server:

The European Union – the media freedom hub marsrgi Thu, 03/19/2026 - 08:58 Opening: 16 April 2026 Closing: 28 May 2026 The overall goal of this preparatory action is to continue the activities of the ongoing Free Media Hub EAST project, i.e. to sustain and improve existing financial and other kinds of support to exiled independent media from Russia, Belarus, as well as media from Ukraine that has relocated in the EU, and to foster the coordination and consolidation of a pan-European platform or network of media hubs to promote the preservation of a pluralistic media environment. GettyImages © Mihajlo Maricic Main link https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportuni… Related topics Media and democracy Media freedom and pluralism International relations Funding for Digital Actions to Support Ukraine Democracy in the digital age {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}

These rulings prohibit the entities from entering or doing business in the European Union.

In addition to enabling remote access, the malware supports a wide range of capabilities, including data theft and spying.

A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine.

A prompt injection vulnerability paired with other flaws can turn a Google search into a full attack chain that could threaten enterprise networks.

Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more, according to an analysis.

The suspected India-linked threat group targets governments, telecom, and critical infrastructure using spear-phishing, old vulnerabilities, and rapidly rotating infrastructure to maintain persistent access.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.1 To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions. To defend against similar malicious activity that misuses legitimate endpoint management software, CISA urges organizations to implement Microsoft’s newly released best practices for securing Microsoft Intune; the principles of these recommendations can be applied to Intune and more broadly to other endpoint management software: Use principles of least privilege when designing administrative roles. Leverage Microsoft Intune’s role-based access control (RBAC) to assign the minimum permissions necessary to each role for completing day-to-day operations—permissions include what actions the role can take, and what users and devices it can apply that action to. Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene. Use Microsoft Entra ID capabilities (including Conditional Access, MFA, risk signals, and privileged access controls) to block unauthorized access to privileged actions in Microsoft Intune. Configure access policies to require Multi Admin Approval in Microsoft Intune. Set up policies that require a second administrative account’s approval to allow changes to sensitive or high-impact actions (such as device wiping), applications, scripts, RBAC, configurations, etc. Additionally, CISA recommends reviewing the following resources to strengthen defenses against similar malicious cyber activity: Microsoft resources: For recommendations on securing Microsoft Intune, see Best practices for securing Microsoft Intune. For guidance on implementing Multi Admin Approval in Microsoft Intune, see Use Access policies to implement Multi Admin Approval. For recommendations on configuring Microsoft Intune using zero trust principles, see Configure Microsoft Intune for increased security. For guidance on implementing Microsoft Intune RBAC policies, see Role-based access control (RBAC) with Microsoft Intune. For guidance on deploying Privileged Identity Management (PIM) across Microsoft Intune, Entra ID, and other Microsoft software, see Plan a Privileged Identity Management deployment. CISA resources: For guidance on implementing phishing-resistant multifactor authentication (MFA), see Implementing Phishing-Resistant MFA. Disclaimer The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. Acknowledgements Microsoft and Stryker contributed to this alert. Notes 1 For updates from Stryker on the incident, see “Customer Updates: Stryker Network Disruption,” Stryker, last modified March 15, 2026, https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CEF-Digital Info Session: 2026 Calls Anonymous (not verified) Wed, 03/18/2026 - 10:35 26 March 2026 Online Learn more about the calls "Equipment for smart European cable systems" (CEF-DIG-2026-SMART-CABLES) and "Backbone connectivity for Digital Global Gateways" (CEF-DIG-2026-GATEWAYS). GettyImages © Dragon Claws Main link https://hadea.ec.europa.eu/events/cef-digital-info-session-2026-calls-2026-03-2… Related topics Connecting Europe Facility Funding for Digital Related content Press release 17 March 2026 Commission makes available €200 million for submarine cable and digital infrastructure projects The European Commission has opened two new Connecting Europe Facility (CEF) calls worth €200 million for projects in high-capacity networks, including submarine cables. {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}

Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.

When technical expertise meets clear communication, cybersecurity teams thrive. Learn how to foster trust and collaboration across diverse working groups.

Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges.

In an unsuccessful phishing attack, threat actors leveraged trusted brands and domains to try to redirect a C-suite executive at Outpost24 to give up his credentials.

In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.