Hitachi Energy Ellipse Remote Code Execution Vulnerability
CISA ICS-CERT published advisory ICSA-26-092-03 disclosing a critical remote code execution vulnerability (CVE-2025-10492, CVSS 9.8) in Hitachi Energy Ellipse versions 9.0.50 and prior. The vulnerability exists in the Jasper Report third-party component due to improper Java deserialization handling. Organizations using affected Ellipse versions face immediate risk of remote compromise. Mitigation involves restricting loading of external custom reports to trusted sources only.
CVE-2026-3502 TrueConf Vulnerability Added to KEV Catalog
CISA added CVE-2026-3502, a TrueConf Client vulnerability involving code download without integrity verification, to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors. Although Binding Operational Directive 22-01 only mandates remediation for Federal Civilian Executive Branch agencies, CISA strongly urges all organizations to prioritize timely remediation.
Yokogawa CENTUM VP Hardcoded Password Vulnerability CVE-2025-7741
CISA ICS-CERT published advisory ICSA-26-092-02 disclosing CVE-2025-7741, a hardcoded password vulnerability in Yokogawa CENTUM VP distributed control systems affecting versions R5.01.00 through R7.01.00. The vulnerability (CVSS 3.1 score 4.0 Medium) allows attackers with access to HIS screen controls to login as the PROG user and potentially modify permissions. CISA recommends changing to Windows Authentication Mode or applying vendor patches as mitigations.
Siemens SICAM 8 Vulnerabilities - Denial of Service and Out-of-Bounds Write Patches
CISA ICS-CERT released advisory ICSA-26-092-01 identifying two vulnerabilities in Siemens SICAM 8 industrial control products. CVE-2026-27663 is a medium-severity denial-of-service vulnerability (CVSS 6.5) caused by resource exhaustion under high request volumes. CVE-2026-27664 is a high-severity out-of-bounds write vulnerability (CVSS 7.5) exploitable through malicious XML input. Affected products include CPCI85, RTUM85, and SICORE firmware versions prior to V26.10. Siemens recommends updating to V26.10 or later.
Belden NetModule Router Software Vulnerabilities Allow Remote Code Execution
CERT-FR issued advisory CERTFR-2026-AVI-0390 notifying of multiple critical vulnerabilities (CVE-2025-15467, CVE-2025-69419) in Belden NetModule Router Software versions prior to 5.0.0.102. The vulnerabilities allow remote attackers to execute arbitrary code and cause denial of service. Organizations using affected NetModule routers should refer to vendor's PSIRT-5_OpenSSL_Vulnerabilities_NRSW bulletin for patch information.
OpenSSH vulnerabilities allow remote code execution
CERT-FR issued advisory CERTFR-2026-AVI-0391 alerting to multiple vulnerabilities in OpenSSH (versions prior to 10.3) enabling remote code execution and security policy bypass. OpenSSH released version 10.3 with patches. Organizations running OpenSSH should update immediately.
Azure Linux FRR Vulnerability CVE-2026-5107
CERT-FR published advisory CERTFR-2026-AVI-0389 notifying of a vulnerability in Microsoft Azure Linux affecting the frr 10.5.0-1 package on azl3. The vulnerability, tracked as CVE-2026-5107 (published by Microsoft on March 31, 2026), allows an attacker to cause an unspecified security issue. Organizations using affected versions should apply the vendor patch updating to version 10.5.0-2.
Multiple Cisco Vulnerabilities Allowing Remote Code Execution
CERT-FR issued advisory CERTFR-2026-AVI-0388 alerting to five critical vulnerabilities in multiple Cisco product families affecting the Cisco Integrated Management Controller (IMC), NFVIS, Evolved Programmable Network Manager (EPNM), and Smart Software Manager On-Prem. The vulnerabilities could allow unauthenticated remote code execution, privilege escalation, authentication bypass, and improper authentication, posing severe risks to data confidentiality and system integrity.
Multiple Netgate pfSense Vulnerabilities Allow Remote Code Execution
CERT-FR issued advisory CERTFR-2026-AVI-0387 alerting to multiple critical vulnerabilities (CVE-2026-xxxx through CVE-2026-xxxx) in Netgate pfSense CE and Plus firewall products. Four separate security advisories (pfSense-SA-26_01 through pfSense-SA-26_04) document arbitrary remote code execution and cross-site scripting (XSS) vulnerabilities affecting pfSense CE versions prior to 2.8.1 and pfSense Plus versions prior to 26.07. The vulnerabilities enable unauthenticated remote attackers to execute arbitrary code or inject malicious scripts.
Cisco IMC Critical Vulnerabilities - Remote Code Execution and Privilege Escalation
CERT-Bund issued a critical security advisory (WID-SEC-2026-0953) disclosing multiple vulnerabilities in Cisco Integrated Management Controller (IMC) affecting UCS C-Series, E-Series, and S-Series servers. The vulnerabilities carry a CVSS Base Score of 9.8, enabling remote unauthenticated attackers to gain administrator privileges, execute arbitrary code with root privileges, and conduct cross-site-scripting attacks. Organizations using affected Cisco products should apply patches immediately.
Cisco Nexus Vulnerabilities Allow File Manipulation, Data Disclosure
CERT-Bund released security advisory WID-SEC-2026-0955 identifying multiple vulnerabilities in Cisco Nexus Dashboard (<4.2) and Cisco Nexus Dashboard Insights. The vulnerabilities have a CVSS Base Score of 6.5 (Medium) and enable remote attackers to manipulate files or disclose confidential information. Mitigation measures are available.
IGEL UMS Vulnerability Allows Remote Information Disclosure
CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 8.6) in IGEL Universal Management Suite (UMS). The vulnerability allows remote, anonymous attackers to disclose sensitive information. Affected versions are those prior to version 12.11.100 running on Linux and UNIX systems. Organizations using IGEL UMS should apply available mitigations or update to a patched version.
WatchGuard Firebox Remote Code Execution Vulnerability
CERT-Bund published security advisory WID-SEC-2026-0952 reporting a high-severity vulnerability (CVSS 7.2) in WatchGuard Firebox and Unified Threat Management products. An authenticated remote attacker can exploit this flaw to execute arbitrary code on affected systems. Versions prior to 2026.2 and 12.12 are vulnerable.
Drupal SAML SSO Security Bypass Vulnerability Advisory
CERT-Bund issued a security advisory regarding a vulnerability in Drupal SAML SSO module versions prior to 3.1.4. The flaw allows remote attackers to bypass security measures. The vulnerability has a CVSS Base Score of 7.4 (high) and Temporal Score of 6.4 (medium). Organizations using the affected module should apply available mitigations.
M-Files Server Information Disclosure Vulnerability Advisory
CERT-Bund issued a security advisory (WID-SEC-2026-0956) regarding an information disclosure vulnerability in M-Files Server. The vulnerability affects versions prior to 26.3.15818.5 on Windows platforms and carries a CVSS Base Score of 6.5 (medium severity). Remote anonymous attackers can exploit this flaw to disclose sensitive information.
Cisco EPN Manager Information Disclosure Vulnerability
CERT-Bund issued a security advisory (WID-SEC-2026-0951) regarding a high-severity vulnerability (CVSS 8.0) in Cisco Evolved Programmable Network Manager versions prior to 8.1.2. The vulnerability allows authenticated remote attackers to exploit an information disclosure flaw. Organizations using affected versions should apply available mitigations.
Schneider Electric SCADAPack RemoteConnect Arbitrary Code Execution Vulnerability
CISA published an advisory regarding CVE-2026-0667, a critical (CVSS 9.8) vulnerability in Schneider Electric SCADAPack 47xi/47x/57x RTUs and RemoteConnect. The vulnerability (CWE-754) in the Modbus TCP protocol could allow remote unauthenticated attackers to execute arbitrary code, cause denial of service, and compromise confidentiality and integrity. Schneider Electric has released version R3.4.2 (Firmware 9.12.2) to remediate this issue.
Endpoint Management System Hardening Advisory Following Stryker Cyberattack
CISA released a cybersecurity alert on March 18, 2026, following a March 11 cyberattack against medical technology firm Stryker Corporation that compromised their Microsoft environment. The alert urges all U.S. organizations to harden endpoint management system configurations, specifically recommending Microsoft Intune security best practices including least privilege RBAC, phishing-resistant MFA, and Multi Admin Approval for sensitive operations.
Devolutions Server vulnerabilities allow remote authenticated admin takeover
Devolutions Server vulnerabilities allow remote authenticated admin takeover
HCL BigFix Platform Multiple Vulnerabilities
CERT-Bund issued a security advisory (WID-SEC-2026-0960) identifying multiple vulnerabilities in HCL BigFix Platform affecting versions prior to 11.0.6. The vulnerabilities carry a CVSS Base Score of 8.8 (high) and a Temporal Score of 7.7 (high). Local attackers can exploit these flaws to bypass security mechanisms and disclose sensitive information. Mitigation measures are available.
VertiGIS FM Critical Vulnerability - Remote Code Execution and XSS
CERT-Bund issued security advisory WID-SEC-2026-0959 disclosing critical vulnerabilities in VertiGIS FM building management software. The vulnerabilities carry a CVSS Base Score of 9.9 (critical) and CVSS Temporal Score of 8.9 (high), enabling remote authenticated attackers to execute arbitrary code and conduct cross-site scripting attacks. Affected versions are VertiGIS FM prior to 10.11.363 and 10.13.403.
pfSense Remote Code Execution Vulnerabilities
CERT-Bund issued Security Advisory WID-SEC-2026-0961 disclosing multiple high-severity vulnerabilities (CVSS Base Score 8.8) in Netgate pfSense Plus and CE software. Affected versions include pfSense Plus <26.03, <26.07 and CE <2.8.1. Remote attackers can exploit these flaws to execute arbitrary code or conduct cross-site scripting attacks. Mitigation measures are available.
Doxxing Arrest Under PDPO Section 64(3A)
The Office of the Privacy Commissioner for Personal Data (PCPD) arrested a 45-year-old male in Hong Kong's New Territories for suspected doxxing of a female friend under section 64(3A) of the Personal Data (Privacy) Ordinance (PDPO). The suspect allegedly disclosed personal data including the victim's name, Hong Kong Identity Card number, residential address, mobile phone number, and photo without consent. Maximum penalties under section 64(3C) include a fine of HK$1,000,000 and imprisonment for five years.
Chrome Dawn Use-After-Free Remote Code Execution Vulnerability
CISA added CVE-2026-5281 to the Known Exploited Vulnerabilities catalog. This is a use-after-free vulnerability in Google Chrome's Dawn component (versions prior to 146.0.7680.178) that allows remote code execution via a crafted HTML page. The vulnerability has an active exploitation status per SSVC analysis and a CVSS score of 8.8 (High).
Zero-Day Chrome Vulnerability - Immediate Update Required
The Cyber Security Agency of Singapore issued an urgent alert regarding CVE-2026-5281, a use-after-free zero-day vulnerability in Google Chrome's Dawn WebGPU implementation. The vulnerability affects Chrome versions prior to 146.0.7680.177/178 on Windows and Mac, and 146.0.7680.177 on Linux, and is reportedly being actively exploited in the wild.
Joint Taskforce on Motor Finance Claims
The ICO, FCA, SRA, and ASA have formed a joint taskforce to address poor handling of motor finance claims by claims management companies (CMCs) and law firms. The ICO specifically commits to enforcing consent requirements for unsolicited direct marketing under PECR. This is a coordinated regulatory response to harmful practices in the motor finance claims sector.