687 changes Data Privacy & Cybersecurity
CISA ICS-CERT STIX Threat Data - ICS and Enterprise Attack Patterns
CISA published a STIX bundle (AA26-097A) containing structured threat intelligence data with attack patterns for Industrial Control Systems (ICS) and enterprise environments. The bundle includes MITRE ATT&CK-mapped techniques covering initial access, command and control, data manipulation, and impact vectors relevant to both ICS and enterprise networks.
Iranian APT Actors Exploit Rockwell PLCs Across US Critical Infrastructure
CISA, FBI, NSA, EPA, DOE, and US Cyber Command issued a joint advisory warning that Iran-affiliated APT actors are conducting active exploitation of internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers across U.S. critical infrastructure. The advisory documents malicious interactions with PLC project files and manipulation of HMI and SCADA displays causing operational disruptions and financial losses in Water, Energy, and Government Services sectors. Agencies recommend immediate review of provided IOCs and implementation of specific mitigations including network isolation of OT devices.
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
CISA, FBI, NSA, EPA, DOE, and US Cyber Command issued a joint cybersecurity advisory on April 7, 2026 warning that Iranian-affiliated APT actors are conducting active exploitation targeting internet-facing OT devices including Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) across U.S. critical infrastructure. The advisory covers Water and Wastewater Systems and Energy sectors, providing TTPs, IOCs, and specific mitigations including removing PLCs from direct internet exposure and monitoring OT-specific ports.
Critical CVSS 8.8 Vulnerabilities Expose SQL Credentials in Mitsubishi Electric GENESIS64 and ICONICS Suite
CISA ICS-CERT issued advisory ICSA-26-097-01 disclosing two critical vulnerabilities (CVE-2025-14815, CVE-2025-14816) with a CVSS score of 8.8 in Mitsubishi Electric GENESIS64 and ICONICS Suite products, affecting versions 10.97.3 and below. The vulnerabilities stem from cleartext storage of SQL Server credentials in local SQLite cache files, potentially allowing local attackers to obtain plaintext credentials and access, tamper with, or destroy data.
Multiple vulnerabilities in GLPI - RCE, SQL injection, XSS
CERT-FR issued a security advisory alerting organizations to multiple critical vulnerabilities in GLPI, an IT asset management and helpdesk software. The vulnerabilities affect GLPI versions 11.0.x prior to 11.0.6 and versions prior to 10.0.24, enabling remote code execution, SQL injection, and cross-site scripting attacks. Five CVEs are referenced: CVE-2026-25932, CVE-2026-26026, CVE-2026-26027, CVE-2026-26263, and CVE-2026-29047. Organizations using affected GLPI versions should apply vendor-provided patches immediately.
FortiClientEMS Vulnerability CVE-2026-35616 Actively Exploited
CERT-FR issued advisory CERTFR-2026-AVI-0400 warning of active exploitation of CVE-2026-35616 in Fortinet FortiClientEMS. The vulnerability allows remote code execution, privilege escalation, and security policy bypass on affected versions 7.4.x through 7.4.5. Organizations running vulnerable FortiClientEMS deployments are urged to apply patches immediately.
Multiple vulnerabilities in Google Android - Denial of service
CERT-FR issued security advisory CERTFR-2026-AVI-0399 alerting to multiple vulnerabilities in Google Android. The vulnerabilities affect Android versions prior to 14, 15, 16, and 16-qpr2, and could allow attackers to cause denial of service conditions. The advisory references CVE-2025-48651 and CVE-2026-0049, with patches released by Google on April 6, 2026.
FasterXML Jackson Vulnerability - Security Bypass (CVSS 7.5)
CERT-Bund issued a security advisory regarding a vulnerability in FasterXML Jackson versions 3.0.0 through 3.1.0. The vulnerability, with a CVSS Base Score of 7.5, allows remote anonymous attackers to bypass security measures in the JSON processing library. Affected platforms include Linux, Windows, UNIX, and other operating systems running Java applications that utilize the library.
RHEL fontforge Remote Code Execution Vulnerability - CVSS 8.8
CERT-Bund issued a security advisory regarding a critical vulnerability (CVSS 8.8) in Red Hat Enterprise Linux's fontforge component affecting versions prior to RHEL 10, RHEL 9, and RHEL Extended Update Support 9.6. The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on affected systems. Organizations running affected RHEL distributions should apply available mitigations or patches immediately.
Samsung Android Multiple Critical Vulnerabilities CVSS 9.8
CERT-Bund issued a critical security advisory regarding multiple vulnerabilities in Samsung Android OS versions prior to SMR-APR-2026. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote attackers to escalate privileges, bypass security measures, disclose information, and manipulate files. Organizations and consumers using affected Samsung Android devices face immediate risk of exploitation.