View CSAF: Rockwell Automation’s FactoryTalk Historian ThingWorx has a vulnerability rated CVSS v4 9.3, which could let attackers remotely exploit XML external entities. The good news? A product update is available. The bad news? You might want to update those firewalls and VPNs while you’re at it. Stay secure, folks!

Attention tech wizards: Lantronix Device Installer has a vulnerability rated CVSS v4 6.9. It’s like leaving your front door unlocked in a neighborhood of hackers. For your own safety, migrate to Lantronix Provisioning Manager before someone treats your device like an all-you-can-hack buffet. Remember, unsupported software is a party no one wants to crash!

CISA unveiled two ICS advisories on May 22, 2025, spotlighting security issues and vulnerabilities. Users and admins should dive into these advisories for the latest technical tidbits and mitigation strategies.

Thunderbird 138.0.2 has swooped in like a superhero, fixing critical vulnerabilities that could have turned your email into a digital piñata. Thanks to scripting being disabled, your inbox remains a fortress, but steer clear of browser-like escapades for now!

The NSA, FBI, and CISA have teamed up to remind everyone that AI data security isn’t just a suggestion—it’s a necessity. Their new guide on AI Data Security offers best practices to ensure your AI doesn’t become an accidental comedian with faulty data. Remember, secure data equals trustworthy AI outcomes!

Johannes Ullrich is on duty at the Internet Storm Center, keeping us as safe as a hacker-proof vault in a spy movie. With the threat level at green, it’s a perfect time to dive into his upcoming class on Application Security. Sign up before the bad guys do!

LummaC2 malware is like the uninvited guest who not only crashes your party but also steals your snacks! The FBI and CISA have issued a stern warning about this malware targeting U.S. critical infrastructure sectors. Stay vigilant and keep your networks secure, because LummaC2 is out to infiltrate and exfiltrate.

The LummaC2 malware is spreading faster than gossip at a family reunion. FBI and CISA warn that this info-stealing pest can slip into networks like a ninja, threatening critical infrastructure across the U.S. Watch out for fake CAPTCHAs and spearphishing tactics—it’s a malware masquerade you don’t want an invite to!

Crypto wallet scams are getting craftier! Scammers post secret keys, luring victims into paying transaction fees before realizing they need a second key. It’s like a heist where the victim thinks they’re the mastermind but ends up being the mark. These scams thrive on greed, proving there’s no such thing as free crypto.

Cisco Webex vulnerabilities could let a remote attacker pull off a cross-site scripting attack. Due to flawed input filtering, users might be tricked into clicking malicious links. Luckily, Cisco has squashed the bugs, so no action is needed from users. But remember, there’s no such thing as a “click-and-hope” security strategy!

Cisco Webex Meetings vulnerability alert! A flaw in client join services lets cunning cyber tricksters pull off HTTP cache poisoning. The good news? Cisco zapped the bug with their mighty powers—no user action needed. But remember, there are no workarounds! Watch out for those sneaky fake responses.

Cisco Secure Network Analytics Manager is in hot water with a privilege escalation vulnerability. This bug allows an attacker to play puppet master with the operating system, given they have administrative credentials. No workarounds are available, so brace yourself! Cisco has released software updates to save the day.

A glitch in the Cisco Secure Network Analytics Manager API could turn low-privileged users into false alarm maestros. This vulnerability allows remote attackers to craft phony alerts like a scam artist. Cisco has released updates to fix this issue, so don’t be alarmed—just be updated!

The Cisco Identity Services Engine vulnerability lets remote attackers conduct cross-site scripting (XSS) attacks. With no workarounds, authenticated hackers can inject malicious code. Cisco’s software updates are the only fix. It’s a bug so persistent, it practically has its own sitcom!

Cisco has released free software updates to address vulnerabilities. Customers should check their licenses and ensure compatibility before upgrading. No contract? Contact Cisco TAC for help. Remember, free updates aren’t a magical ticket to new features, just a patch to keep things running smoothly. Stay safe, upgrade wisely!

Beware of the email gremlins! A Cisco Duo self-service portal vulnerability could let remote attackers inject commands into your inbox. Cisco has squashed the bug, so no need to lift a finger. But watch out for those sneaky emails! No workarounds, just sit back and enjoy the show.

Cisco Unified Intelligence Center has vulnerabilities that could let an authenticated, remote attacker perform privilege escalation. No workarounds exist, but Cisco has released software updates to address these issues. So, if your system’s acting like an overzealous hall monitor, it’s time for an upgrade!

A flaw in Cisco Unified Communications products could let a local attacker upgrade themselves to root status faster than a caffeine-fueled teenager hacks their parents’ Netflix account. The issue stems from overly generous permissions. Cisco has released updates, so be sure to patch it up before your system thinks it’s the king of the tech…

Cisco Unified Contact Center Enterprise Cloud Connect is facing a vulnerability that allows remote attackers to read and modify data due to insufficient access control. Cisco has released updates to patch this issue, but no workarounds exist. So, unless you want your data read like a bedtime story, update ASAP!

Heads up, tech and logistics pros! GRU cyber actors are at it again, targeting Western logistics entities and technology companies. It’s time for network defenders to channel their inner Sherlock, ramp up monitoring, and stay one step ahead of unit 26165’s sneaky tactics. Keep your cyber defenses sharp and your wits sharper!