Apple Products Memory Corruption Vulnerability
CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include CVE-2025-43510, a memory corruption vulnerability affecting various Apple products. The vulnerability, which could allow a malicious application to cause unexpected memory changes, has been addressed by Apple in recent software updates.
Livewire v3.6.3 Remote Command Execution Vulnerability Patched
CISA has issued a notice regarding a critical remote command execution vulnerability (CVE-2025-54068) in Livewire v3 up to v3.6.3. The vulnerability, which affects specific configurations and does not require authentication, has been patched in version 3.6.4.
CISA: Apple Products Memory Corruption Vulnerability Addressed
CISA has issued an advisory regarding a memory corruption vulnerability (CVE-2025-43520) affecting various Apple products. The vulnerability, which could allow a malicious application to cause system termination or write kernel memory, has been addressed by Apple through software updates.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. These vulnerabilities pose significant risks to the federal enterprise and CISA urges all organizations to prioritize their remediation.
Apple Buffer Overflow Vulnerability Fixed in Safari, iOS, macOS
CISA has added a buffer overflow vulnerability (CVE-2025-31277) affecting Apple products to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which allows for memory corruption via maliciously crafted web content, has been addressed by Apple in recent software updates.
Craft CMS Remote Code Execution Vulnerability Fixed
CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include CVE-2025-32432, a critical remote code execution vulnerability in Craft CMS. The vulnerability affects versions 3.x, 4.x, and 5.x and has been patched by the vendor. Organizations are urged to update their Craft CMS instances to the latest versions to mitigate this risk.
Atlassian Bamboo Data Center Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory regarding a vulnerability in Atlassian Bamboo Data Center versions prior to 9.6.24, 10.2.16, and 12.1.3. The vulnerability allows remote, authenticated attackers to execute arbitrary code, posing a high risk.
Google Chrome Vulnerabilities (CVSS 8.8)
CERT-Bund has issued a security advisory for Google Chrome, detailing multiple vulnerabilities with a CVSS Base Score of 8.8. These vulnerabilities could allow remote attackers to execute code, bypass security measures, cause denial-of-service, or manipulate data. Affected versions include Google Chrome prior to 146.0.7680.153 and 146.0.7680.154 on Linux, macOS, and Windows.
Oracle Fusion Middleware Vulnerability Allows Code Execution
CERT-Bund has issued a security advisory for Oracle Fusion Middleware Identity Manager and Web Services Manager versions prior to 12.2.1.4.0 and 14.1.2.1.0. A critical vulnerability (CVSS 9.8) allows remote attackers to execute arbitrary code, potentially leading to full system compromise.
VMware Tanzu Spring Boot Actuator Vulnerabilities
CERT-Bund has issued a security advisory for VMware Tanzu Spring Boot Actuator, detailing vulnerabilities that allow remote attackers to bypass security measures. The vulnerabilities affect multiple versions of VMware Tanzu Spring Boot prior to specific patch levels and carry a high CVSS base score.
Kubernetes ingress-nginx Vulnerability Allows Code Execution and Info Disclosure
CERT-Bund has issued a security advisory for Kubernetes ingress-nginx, detailing a vulnerability that allows authenticated remote attackers to execute arbitrary code and disclose sensitive information. The vulnerability affects versions prior to 1.13.9, 1.14.5, and 1.15.1 and has a high CVSS base score of 8.8.
Microsoft 365 Copilot Vulnerabilities Advisory
CERT-Bund has issued an advisory regarding multiple vulnerabilities in Microsoft 365 Copilot, with a CVSS base score of 8.9. These vulnerabilities could allow remote attackers to disclose information, manipulate data, and gain elevated privileges. Mitigation measures are available.
VMware Tanzu Spring Security Vulnerability
CERT-Bund has issued a security advisory for VMware Tanzu Spring Security, detailing a critical vulnerability (CVSS 9.1) that allows remote attackers to bypass security controls and potentially access confidential information. The vulnerability affects multiple versions of the Spring Security framework.
Netwrix Password Secure Vulnerabilities Allow Code Execution and DoS
CERT-Bund has issued a security advisory for Netwrix Password Secure, detailing multiple vulnerabilities that could allow for code execution and denial-of-service attacks. The vulnerabilities affect versions prior to 26.3.100 and are rated as high severity.
Critical Azure Vulnerabilities: Remote Attack, Privilege Escalation
CERT-Bund has issued a security advisory regarding critical vulnerabilities in Microsoft Azure DevOps, Data Factory, and Cloud Shell. These vulnerabilities allow remote attackers to escalate privileges, manipulate data, and disclose sensitive information, with a CVSS base score of 10.0.
Langflow Vulnerability Allows Remote Code Execution
CERT-Bund has issued a security advisory for Langflow, detailing a critical vulnerability that allows remote code execution. The vulnerability affects versions prior to 1.9.0 on Linux, UNIX, and Windows operating systems. Mitigation measures are available.
ICE Arrests Convicted Domestic Abuser in Nashville
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of Luis Meza-Olivera, a convicted domestic abuser with multiple felony convictions, in Nashville, Tennessee. The arrest followed a tip from a school official who reported the abuser's daughter feared he would kill her mother upon his release from local custody.
Multiple vulnerabilities in Elastic products
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various Elastic products, including Elasticsearch, Kibana, Logstash, Metricbeat, and Packetbeat. These vulnerabilities could allow remote attackers to execute arbitrary code, compromise data confidentiality, and bypass security policies.
Oracle Identity Manager and Web Services Manager Vulnerability
CERT-FR has issued a security advisory regarding a critical vulnerability in Oracle Identity Manager and Web Services Manager. The vulnerability, identified as CVE-2026-21992, allows for remote arbitrary code execution. Affected versions require immediate patching.
Ubuntu Linux Kernel Vulnerabilities Identified by CERT-FR
CERT-FR has issued a notice regarding multiple vulnerabilities discovered in the Linux kernel used by Ubuntu. These vulnerabilities could allow attackers to gain elevated privileges, compromise data confidentiality, and impact data integrity. Users are advised to consult Ubuntu's security bulletins for patch information.
Debian LTS Linux Kernel Vulnerabilities Affecting Confidentiality, Denial of Service, Privilege Escalation
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in the Linux kernel used in Debian LTS systems. These vulnerabilities could lead to data confidentiality breaches, denial of service, and privilege escalation. Users are advised to consult Debian's security bulletins for patch information.
Microsoft Product Vulnerability CVE-2026-3731
CERT-FR has issued an advisory regarding a vulnerability (CVE-2026-3731) discovered in Microsoft products, specifically affecting azl3 libssh versions prior to 0.10.6-6. The advisory directs users to Microsoft's security bulletin for patch information.
Multiple Vulnerabilities in Traefik Software
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Traefik software, affecting versions prior to v2.11.41, v3.6.11, and v3.7.0-ea.2. These vulnerabilities could lead to data confidentiality breaches and security policy bypasses. Users are advised to consult the publisher's security bulletins for patch information.
Red Hat Linux Kernel Vulnerabilities
CERT-FR has issued a notice regarding multiple vulnerabilities discovered in the Red Hat Linux kernel. These vulnerabilities could allow attackers to achieve arbitrary code execution, privilege escalation, and data confidentiality breaches. Affected systems require patching as detailed in Red Hat's security bulletin.
SUSE Linux Kernel Vulnerabilities Identified by CERT-FR
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in SUSE Linux kernel versions. These vulnerabilities could lead to data confidentiality breaches and denial-of-service attacks. Affected systems include various SUSE Linux Enterprise and openSUSE Leap installations.
VMware Products Vulnerabilities Advisory
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various VMware products. The advisory does not specify the security impact of these vulnerabilities. Affected users are advised to consult VMware's security bulletins for patch information.
IBM Products Vulnerabilities
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in various IBM products, including Cloud Pak for Security, Informix Dynamic Server, and QRadar SIEM. These vulnerabilities could allow attackers to execute arbitrary code remotely, cause denial of service, or compromise data confidentiality.
FFIEC Business Continuity Management Guidance for Financial Institutions
The FFIEC has released a new booklet providing guidance to examiners on evaluating business continuity management processes for financial institutions and service providers. The booklet aims to ensure the availability of critical financial services during disruptions.
FFIEC IT Examination Handbook Updates
The FFIEC has updated its IT Examination Handbook, providing new and revised booklets and work programs. These resources offer guidance to examiners and financial institutions on various IT-related topics, including audit, business continuity, development, information security, and management.
FFIEC IT Handbook: Development, Acquisition, and Maintenance Booklet
The FFIEC has updated its IT Examination Handbook with a revised 'Development, Acquisition, and Maintenance' booklet. This guidance provides updated information and best practices for financial institutions regarding the governance, risk management, and oversight of IT development, acquisition, and maintenance processes.
FFIEC IT Handbook - Architecture, Infrastructure, and Operations Booklet Updated
The Federal Financial Institutions Examination Council (FFIEC) has updated its IT Examination Handbook with a revised 'Architecture, Infrastructure, and Operations' booklet. This update provides guidance on enterprise-wide approaches to technology design, IT infrastructure implementation, and service delivery for financial institutions.
CISA KEV: Cisco FMC Vulnerability Allows Root Java Code Execution (CVE-2026-20131)
CISA has added a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability (CVE-2026-20131) allows unauthenticated remote attackers to execute arbitrary Java code as root. Organizations are required to address this vulnerability by April 4, 2026.
DHS Staffer Impersonates Attorney to Enter ICE Facility
DHS Director Todd M. Lyons sent a letter to Texas Rep. Veronica Escobar detailing how her staffer, Benito Torres, impersonated an attorney to gain access to ICE facilities on at least 11 occasions and violated facility rules by passing a cell phone to detainees. As a result, Torres is prohibited from accessing any ICE facility.
DHS: Zero Illegal Aliens Released at Border for Tenth Straight Month
The Department of Homeland Security announced its tenth consecutive month with zero illegal aliens released at the U.S. border. The press release highlights a significant decrease in border crossings and apprehensions, attributing this to robust enforcement policies. February data also indicated a substantial increase in drug seizures.
ICE Arrests Individual for Road Rage and Knife Threat in Pennsylvania
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of Christopher Leon Bailey, an undocumented immigrant from Jamaica, in Pennsylvania. Bailey is charged with aggravated assault, attempted murder, and other offenses related to a road rage incident where he allegedly ran over a victim and threatened him with a knife.
ICE Arrests Criminal Aliens Convicted of Murder, Sex Crimes, Drug Trafficking
U.S. Immigration and Customs Enforcement (ICE) announced the arrest of numerous undocumented immigrants convicted of serious crimes, including murder, sex offenses against minors, and drug trafficking. The press release highlights the agency's focus on removing individuals who have committed crimes in the United States.
Digital Europe Programme Amended for Innovative Digital Capacities
The European Commission has amended the Digital Europe Work Programme 2025-2027 to enhance innovative digital capacities across the EU. The update introduces new actions for digital infrastructure in schools, online safety applications, and AI testing facilities, among other enhancements.