CISA: Schneider Electric EcoStruxure Automation Expert Vulnerability Advisory

CISA issued an advisory regarding a critical vulnerability (CVE-2026-2273) in Schneider Electric's EcoStruxure Automation Expert software. The vulnerability could allow for arbitrary command execution on engineering workstations, potentially compromising industrial control systems. Schneider Electric has released version 25.0.1 as a fix.

Urgent Notice Cybersecurity

CISA ICS Advisory: Schneider Electric Modicon Controllers Vulnerable

CISA issued an advisory regarding vulnerabilities in Schneider Electric Modicon Controllers M241, M251, M258, and LMC058. Successful exploitation could lead to cross-site scripting or open redirect attacks, potentially resulting in account takeover or code execution.

Priority review Notice Cybersecurity

CISA ICS Advisory: Schneider Electric Modicon Vulnerabilities

CISA issued an advisory regarding vulnerabilities in Schneider Electric Modicon M241, M251, and M262 controllers. Successful exploitation could lead to a denial-of-service condition. Affected versions are prior to 5.4.13.12 for M241/M251 and 5.4.10.12 for M262.

Priority review Notice Cybersecurity

CISA Adds Microsoft SharePoint Vulnerability to KEV Catalog

CISA has added CVE-2026-20963, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate this vulnerability.

Urgent Notice Cybersecurity

CISA ICS Advisory: WebCTRL Server Vulnerabilities Allow Communication Interception

CISA issued an advisory regarding multiple vulnerabilities in Automated Logic WebCTRL Premium Server. Successful exploitation could allow attackers to intercept or modify communications. The advisory provides details on affected versions and remediation guidance.

Priority review Notice Cybersecurity

CISA Adds Cisco Vulnerability CVE-2026-20131 to KEV Catalog

CISA has added CVE-2026-20131, a vulnerability in Cisco Secure Firewall Management Center Software and Cisco Security Cloud Control, to its Known Exploited Vulnerabilities (KEV) Catalog. This action is based on evidence of active exploitation and requires Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability.

Urgent Notice Cybersecurity

CISA: IGL-Technologies eParking.fi ICS Advisory

CISA released an advisory regarding vulnerabilities in IGL-Technologies eParking.fi charging stations. Successful exploitation could allow attackers to gain unauthorized administrative control or disrupt services. The advisory details two critical vulnerabilities, CVE-2026-29796 and CVE-2026-31903, affecting all versions of eParking.fi.

Urgent Notice Cybersecurity

CISA: CTEK Chargeportal Vulnerabilities Allow Unauthorized Administrative Control

CISA issued an advisory regarding critical vulnerabilities in CTEK Chargeportal software affecting energy and transportation sectors. Successful exploitation could lead to unauthorized administrative control or denial-of-service attacks on charging stations. The vendor is sunsetting the product in April 2026.

Urgent Notice Cybersecurity

CISA Advisory: Mitsubishi Electric CNC Series Vulnerability ICSA-26-078-05

CISA issued an advisory regarding a denial-of-service vulnerability (CVE-2025-2399) in Mitsubishi Electric CNC Series products. Successful exploitation could allow remote attackers to cause an out-of-bounds read. Affected products are deployed worldwide, with remediation guidance provided by the vendor.

Priority review Notice Cybersecurity

CISA: Schneider Electric EcoStruxure PME/EPO Vulnerability Advisory

CISA issued an advisory regarding a deserialization of untrusted data vulnerability (CVE-2025-11739) affecting Schneider Electric's EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. The vulnerability could lead to arbitrary code execution, system compromise, operational disruption, and unauthorized administrative control.

Priority review Notice Cybersecurity

Mitel Products Vulnerability - XSS

CERT-FR has issued an advisory regarding a remote code injection (XSS) vulnerability affecting various Mitel product versions. Affected systems include specific versions of MCX and MiContact Center Business. Users are advised to consult Mitel's security bulletin for patch information.

Priority review Notice Cybersecurity

VMware Product Vulnerabilities Identified by CERT-FR

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various VMware products. These vulnerabilities could allow an attacker to cause unspecified security issues. Affected users are advised to consult VMware's security bulletins for patch information.

Priority review Notice Cybersecurity

Python Vulnerability Allows Security Policy Bypass

CERT-FR has issued an advisory regarding a vulnerability in Python (CVE-2026-3479) that allows attackers to bypass security policies. The advisory urges users to apply the latest security patches provided by the Python maintainers.

Priority review Notice Cybersecurity

CERT-FR Advises on Splunk Universal Forwarder Vulnerabilities

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Splunk Universal Forwarder. The advisory details affected versions and references Splunk's security bulletin for patch information. The vulnerabilities could allow an attacker to cause unspecified security issues.

Priority review Notice Cybersecurity

Microsoft Products Vulnerabilities

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Microsoft products. These vulnerabilities could allow an attacker to exploit unspecified security issues. Affected systems include specific versions of azl3 and cbl2 components.

Priority review Notice Cybersecurity

CERT-FR: Multiple vulnerabilities in Roundcube software

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Roundcube webmail software. The vulnerabilities could lead to data confidentiality breaches, server-side request forgery (SSRF), and remote code injection (XSS). Users are advised to consult the vendor's security bulletin for patch information.

Priority review Notice Cybersecurity
IEEE Standards News

LG AI Research Ethical Priorities and IEEE SA Partnership

LG AI Research has published its 2025 Ethical Priorities, detailing efforts to identify and mitigate AI risks, including a partnership with IEEE SA for AI system certification. The report highlights the identification of 219 potential AI risks and the expansion of their AI risk taxonomy.

Routine Notice Artificial Intelligence

Python Path Traversal Vulnerability Disclosed

CERT-Bund has disclosed a path traversal vulnerability in Python versions prior to 3.15.0. The vulnerability, with a CVSS base score of 4.0, allows local attackers to exploit the flaw. Mitigation is available.

Priority review Notice Cybersecurity

Roundcube Vulnerabilities: Critical Score, File Manipulation, XSS

CERT-Bund has issued a security advisory for Roundcube, a PHP-based open-source webmail system. Multiple vulnerabilities with a critical CVSS base score of 10.0 have been identified, allowing attackers to manipulate files, bypass security measures, and perform cross-site scripting attacks.

Urgent Notice Cybersecurity

SuiteCRM Vulnerabilities Allow Code Execution, Data Manipulation, SSRF, DoS

CERT-Bund has issued a security advisory for SuiteCRM, detailing multiple vulnerabilities that could allow attackers to execute arbitrary code, manipulate data, perform SSRF attacks, or cause denial-of-service conditions. The advisory affects versions prior to 7.15.1 and 8.9.3, with a CVSS base score of 8.8.

Urgent Notice Cybersecurity

Xpdf Vulnerability Allows Denial of Service

CERT-Bund has issued a security advisory regarding a denial-of-service vulnerability in the Xpdf PDF viewer. The vulnerability affects versions of Xpdf on Linux, UNIX, and Windows systems. The advisory provides information on the vulnerability and mitigation, noting a CVSS base score of 2.9.

Routine Notice Cybersecurity

Dell Secure Connect Gateway Policy Manager Critical Vulnerabilities

CERT-Bund has issued a security advisory for Dell Secure Connect Gateway Policy Manager, detailing critical vulnerabilities (CVSS Base Score 9.8) that could allow remote attacks. The advisory affects versions prior to 5.34.00.14 and recommends mitigation.

Urgent Notice Cybersecurity

Jenkins Vulnerabilities Allow Code Execution and Info Disclosure

CERT-Bund has issued a security advisory for Jenkins, detailing multiple vulnerabilities with a high CVSS base score. These vulnerabilities allow attackers to execute arbitrary code, bypass security measures, and disclose confidential information. Affected versions include Jenkins weekly <2.555 and Jenkins LTS <2.541.3.

Priority review Notice Cybersecurity

Samba Vulnerability Allows Information Disclosure

CERT-Bund has issued an advisory regarding a Samba vulnerability (WID-SEC-2026-0780) that allows local attackers to disclose information. The vulnerability affects Open Source Samba versions prior to 4.24.0 and has a CVSS Base Score of 5.5.

Priority review Notice Cybersecurity

Drupal Automated Logout Extension Vulnerability Allows File Manipulation

CERT-Bund has issued a security advisory regarding a vulnerability in Drupal's Automated Logout Extension. The vulnerability allows remote, anonymous attackers to manipulate files. Affected versions include Open Source Drupal Automated Logout <1.7.0 and <2.0.2.

Priority review Notice Cybersecurity

WebKitGTK Vulnerabilities Allow Code Execution, DoS, Info Disclosure

CERT-Bund has issued a security advisory (WID-SEC-2026-0782) regarding multiple vulnerabilities in WebKitGTK, a web browser engine used across various operating systems. The vulnerabilities, with a CVSS Base Score of 8.8, can allow remote attackers to execute arbitrary code, cause denial-of-service conditions, or disclose sensitive information.

Priority review Notice Cybersecurity

IBM QRadar SIEM Critical Vulnerabilities

CERT-Bund has issued a security advisory regarding critical vulnerabilities in IBM QRadar SIEM, versions prior to 7.5.0 UP15. These vulnerabilities, with a CVSS Base Score of 9.8, allow for remote code execution, information disclosure, denial of service, and file manipulation.

Urgent Notice Cybersecurity

Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.

Urgent Notice Cybersecurity

libarchive Vulnerability Allows Denial-of-Service

CERT-Bund has issued a security advisory regarding a vulnerability in the libarchive library, which allows for denial-of-service attacks. The vulnerability affects various operating systems including Linux, UNIX, and Windows, and specific versions of Red Hat Enterprise Linux. Mitigation measures are available.

Priority review Notice Cybersecurity

Keycloak Vulnerabilities: Info Disclosure and Privilege Escalation

CERT-Bund has issued a security advisory regarding critical vulnerabilities in Keycloak versions prior to 26.5.6. These vulnerabilities allow for remote information disclosure and privilege escalation. Mitigation is available.

Urgent Notice Cybersecurity

Microsoft Dynamics 365 SQL Injection Vulnerability

CERT-Bund has issued a security advisory for Microsoft Dynamics 365 Customer Engagement regarding a critical SQL injection vulnerability (CVSS 8.8). The vulnerability allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to privilege escalation or operating system command execution.

Priority review Notice Cybersecurity

CISA KEV: Zimbra Collaboration XSS Vulnerability CVE-2025-66376

CISA has added a known exploited vulnerability, CVE-2025-66376, affecting Zimbra Collaboration. This cross-site scripting (XSS) vulnerability requires immediate attention from federal agencies and organizations using the affected software.

Urgent Notice Cybersecurity

CISA KEV: Microsoft SharePoint RCE Vulnerability (CVE-2026-20963)

CISA has added a Microsoft SharePoint remote code execution vulnerability (CVE-2026-20963) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability has a CVSS score of 8.8 and is actively exploited.

Urgent Notice Cybersecurity
DHS Press Releases

DHS Operation Stops Alien Smuggling Attempt Off Miami Coast

DHS operations, including CBP, Coast Guard, and HSI, interdicted a smuggling vessel off the Miami coast on March 11, 2026. The operation resulted in the arrest of 15 individuals attempting illegal entry, with four facing charges for human smuggling and illegal re-entry.

Priority review Enforcement Immigration
DHS Press Releases

ICE Arrests Child Predators, Sex Criminals, and Drug Traffickers

U.S. Immigration and Customs Enforcement (ICE) announced the arrest of multiple individuals convicted of serious crimes including child sexual assault, incest, and drug trafficking. The press release highlights the administration's focus on removing illegal aliens with criminal convictions.

Priority review Enforcement Immigration
DHS Press Releases

ICE Arrests Suspect in Fatal Hit-and-Run of Sheriff's Deputy

DHS announced the arrest of Dennis Arguello-Acosta by ICE for his alleged involvement in a fatal hit-and-run that killed a sheriff's deputy. Arguello-Acosta is described as a criminal illegal alien and may face state charges.

Urgent Enforcement Immigration
NIST Publications

NIST CSWP 37A Automation of the Cryptographic Module Validation Program

NIST has published CSWP 37A, detailing the automation of the Cryptographic Module Validation Program (CMVP). This white paper reports on the progress of the Automated Cryptographic Module Validation Project (ACMVP) and outlines planned next steps for improving the efficiency of FIPS 140-3 validation processes.

Routine Guidance Cybersecurity