www.cisa.gov

CISA Advisory: Pharos Controls Mosaic Show Controller Vulnerability

CISA has released an advisory regarding a critical vulnerability (CVE-2026-2417) in Pharos Controls Mosaic Show Controller firmware version 2.15.3. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands with root privileges. Pharos Controls recommends upgrading to version 2.16 or later.

Urgent Notice Cybersecurity
www.cisa.gov

CISA Advisory: Grassroots DICOM Memory Leak Vulnerability CVE-2026-3650

CISA has issued an advisory regarding a critical memory leak vulnerability (CVE-2026-3650) in Grassroots DICOM (GDCM) version 3.2.2. Successful exploitation could allow an attacker to cause a denial-of-service condition by sending a specially crafted file. The vulnerability affects the Healthcare and Public Health critical infrastructure sectors worldwide.

Priority review Notice Healthcare
www.cisa.gov

CISA: Schneider Electric Plant iT/Brewmaxx Vulnerabilities Allow Remote Code Execution

CISA has issued an advisory regarding multiple vulnerabilities in Schneider Electric's Plant iT/Brewmaxx software, versions 9.60 and above. Successful exploitation could lead to privilege escalation and remote code execution. The advisory provides specific CVE details and mitigation steps recommended by the vendor.

Urgent Notice Cybersecurity
www.cisa.gov

CISA: Schneider Electric EcoStruxure Foxboro DCS Vulnerability Identified

CISA has issued an advisory regarding a deserialization of untrusted data vulnerability in Schneider Electric's EcoStruxure Foxboro DCS Control Software. The vulnerability, identified as CVE-2026-1286, could lead to loss of confidentiality, integrity, and potential remote code execution. Schneider Electric has released version CS 8.1 as a fix.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Spring Cloud Config Vulnerability Allows Server-Side Request Forgery

CERT-FR has issued an advisory regarding a critical vulnerability (CVE-2026-22739) in Spring Cloud Config versions prior to 3.1.13, 4.1.9, 4.2.6, 4.3.2, and 5.0.2. The vulnerability allows for Server-Side Request Forgery (SSRF), enabling attackers to potentially compromise server security.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Multiple Vulnerabilities in Google Chrome

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Google Chrome. The advisory urges users to refer to Google's security bulletin for patch information, as these vulnerabilities could lead to unspecified security issues.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Multiple Ruby on Rails Vulnerabilities Allow Remote Code Execution

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Ruby on Rails. These vulnerabilities could allow attackers to achieve remote code execution, denial of service, or data integrity breaches. Affected systems include various versions of actionpack, actionview, activestorage, and activesupport.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Trend Micro Deep Discovery Inspector Vulnerability Allows Remote Code Execution

CERT-FR has issued an advisory regarding a critical vulnerability in Trend Micro Deep Discovery Inspector. The vulnerability, identified as CVE-2025-15467, allows for remote code execution and denial of service. Affected versions require immediate patching.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Xen Vulnerability Allows Security Policy Bypass

CERT-FR has issued an advisory regarding a vulnerability in Xen, identified as CVE-2026-31788. This vulnerability allows an attacker to bypass security policies. Affected systems are instances of Xen on Linux that have not applied specific security patches.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

VMware Tanzu for Postgres Vulnerability Allows Remote Code Execution

CERT-FR has issued a security advisory regarding a vulnerability in VMware Tanzu for Postgres that allows for remote code execution. Affected versions include multiple release lines prior to specific patch levels. Users are advised to consult VMware's security bulletin for remediation.

Urgent Notice Cybersecurity
www.cert.ssi.gouv.fr

LibreNMS Vulnerability Allows Remote Code Execution

CERT-FR has issued an advisory regarding a critical vulnerability in LibreNMS versions prior to 26.3.0. This vulnerability allows for remote code execution and data integrity compromise. Users are advised to consult the LibreNMS security bulletin for patch information.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

strongSwan Remote Denial of Service Vulnerability

CERT-FR has issued a security advisory regarding a remote denial of service vulnerability (CVE-2026-25075) in strongSwan versions prior to 6.0.5. The advisory urges users to refer to the vendor's security bulletin for patch information.

Priority review Notice Cybersecurity
IEEE Standards News
standards.ieee.org

India AI Summit Discusses Responsible AI, Trust, and Capacity Building

The IEEE Standards Association participated in the India AI Impact Summit 2026, focusing on responsible AI, information integrity, and capacity building. The event brought together global leaders to discuss AI's role in economic growth and public services.

Routine Notice Artificial Intelligence
wid.cert-bund.de

binutils vulnerability allows remote Denial of Service attack

CERT-Bund has issued a security advisory regarding a vulnerability in GNU Binary Utilities (binutils) versions prior to 2.47. This vulnerability allows remote attackers to perform a Denial of Service attack. Mitigation is available.

Priority review Notice Cybersecurity
wid.cert-bund.de

Citrix NetScaler Multiple Vulnerabilities

CERT-Bund has issued a security advisory for Citrix NetScaler, detailing multiple critical vulnerabilities (CVSS score 10.0) that allow remote attackers to disclose information and take over user sessions. Affected versions include specific releases of NetScaler ADC and Gateway prior to 14.1-66.59 and 13.1-62.23/37.262.

Urgent Notice Cybersecurity
wid.cert-bund.de

Google Chrome Vulnerabilities Advisory

CERT-Bund has issued an advisory regarding multiple high-severity vulnerabilities in Google Chrome, with a CVSS base score of 8.8. The advisory, dated March 23, 2026, indicates that these vulnerabilities could allow remote attackers to execute code, cause denial-of-service, or expose information. Mitigation measures are available.

Priority review Notice Cybersecurity
wid.cert-bund.de

Froxlor Vulnerability Allows File Manipulation and Information Disclosure

CERT-Bund has issued a security advisory for Froxlor, a web-based server management software. A vulnerability allows attackers to manipulate files and disclose information, with a CVSS base score of 8.2. The advisory applies to versions prior to 2.3.5.

Priority review Notice Cybersecurity
wid.cert-bund.de

cPanel cPanel/WHM Multiple Vulnerabilities

CERT-Bund has issued a security advisory for multiple critical vulnerabilities in cPanel cPanel/WHM, with a CVSS base score of 9.8. These vulnerabilities affect Linux and UNIX systems running affected versions of the software. Mitigation is available.

Urgent Notice Cybersecurity
wid.cert-bund.de

CODESYS Vulnerabilities Allow Code Execution and DoS

CERT-Bund has issued a security advisory for CODESYS, detailing multiple vulnerabilities that could allow attackers to execute arbitrary code or cause a denial of service. The advisory affects CODESYS versions prior to 3.5.22.0 and 4.21.0.0.

Priority review Notice Cybersecurity
wid.cert-bund.de

Ruby on Rails Vulnerabilities: DoS, File Manipulation, XSS

CERT-Bund has issued a security advisory for Ruby on Rails, detailing multiple vulnerabilities including Denial of Service, file manipulation, and Cross-Site Scripting. The advisory highlights critical severity with a CVSS Base Score of 9.1 and provides mitigation information for affected versions.

Urgent Notice Cybersecurity
wid.cert-bund.de

Red Hat Undertow Vulnerability Allows Remote Denial of Service

CERT-Bund has issued a security advisory regarding a vulnerability in Red Hat Undertow, a web server. The vulnerability allows remote attackers to perform a Denial of Service attack. The advisory provides a CVSS score of 5.9 and notes that mitigation is not yet available.

Priority review Notice Cybersecurity
wid.cert-bund.de

systemd Vulnerabilities Allow Denial of Service or Code Execution

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in systemd, a Linux system and service manager. Exploitation could lead to denial of service or code execution with administrator privileges. Affected versions include open source systemd prior to various specific release numbers.

Priority review Notice Cybersecurity
wid.cert-bund.de

MongoDB C Driver Vulnerability Allows Denial of Service

CERT-Bund has issued a security advisory regarding a vulnerability in the Open Source MongoDB C Driver versions prior to 2.2.3 and 1.30.8. The vulnerability allows remote, authenticated attackers to perform a Denial of Service attack. Mitigation is available.

Priority review Notice Cybersecurity
wid.cert-bund.de

VMware Tanzu Spring Cloud Vulnerability Allows Information Disclosure

CERT-Bund has issued a security advisory for VMware Tanzu Spring Cloud, detailing a vulnerability that allows remote attackers to disclose information. The advisory affects multiple versions of VMware Tanzu Spring Cloud Config and provides mitigation guidance.

Priority review Notice Cybersecurity
wid.cert-bund.de

Znuny Vulnerability Allows Remote Cross-Site Scripting Attack

CERT-Bund has issued a security advisory regarding a vulnerability in Znuny, an open-source ticketing software. The vulnerability allows remote attackers to perform a Cross-Site Scripting (XSS) attack. Affected versions include Znuny LTS <6.5.19 and Znuny <7.3.1.

Priority review Notice Cybersecurity
wid.cert-bund.de

strongSwan Vulnerability Allows Denial of Service Attack

CERT-Bund has issued a security advisory regarding a vulnerability in strongSwan, a VPN implementation. The vulnerability allows remote attackers to conduct Denial of Service attacks. Affected systems include various Linux distributions and other operating systems.

Priority review Notice Cybersecurity
www.nist.gov

NIST Cybersecurity Framework 2.0 Informative References Quick-Start Guide

NIST has released an initial public draft of SP 1347, 'NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide.' This document explains informative references and their role in achieving CSF 2.0 outcomes, introducing NIST tools for managing them and exploring AI's support for reference data.

Priority review Guidance Cybersecurity
DHS Press Releases
www.dhs.gov

ICE Requests Politicians Not Release Criminal Alien Charged with Attempted Murder

U.S. Immigration and Customs Enforcement (ICE) has lodged an arrest detainer for Jesus Alejandro Ramirez-Padilla, a Mexican national charged with attempted murder in Salt Lake City, Utah. ICE is requesting that politicians not release him, citing that nearly 70% of illegal aliens arrested by ICE nationwide have criminal convictions or pending charges.

Priority review Enforcement Immigration
DHS Press Releases
www.dhs.gov

ICE Arrests of Criminal Illegal Aliens

U.S. Immigration and Customs Enforcement (ICE) announced the arrest of criminal illegal aliens over a recent weekend. The individuals arrested had convictions for serious crimes including murder, aggravated sexual assault of a child, and rape. Acting Assistant Secretary Lauren Bis emphasized the administration's commitment to prioritizing American safety.

Priority review Enforcement Immigration
DHS Press Releases
www.dhs.gov

ICE Arrests Gang Members in Dallas Vehicle Theft Ring

U.S. Immigration and Customs Enforcement (ICE) announced the arrest of three individuals in Dallas, Texas, involved in a vehicle theft ring. The arrests included members of the Tren de Aragua and MS-13 gangs, as well as a criminal illegal alien. This operation is part of a broader effort by DHS to remove public safety threats.

Priority review Enforcement Immigration