
Stormy with a Chance of Gigabytes: Navigating the Cyber Weather Forecast

Join Xavier Mertens in his quest to keep the internet safe, one green threat level at a time. Dive into Network Monitoring and Threat Detection In-Depth from Dec 15th to 20th, 2025. Who knew cyber safety could be this engaging? Get ready for a storm of knowledge at the Internet Storm Center!

4 weeks ago

Podcasts and Superhero Spoilers: Why I’d Rather Fight Cybercrime!

AI presents unique challenges in the game of attack vs. defense. Does it really, though? Maybe if AI could predict who’s going to spill coffee on their keyboard next, it would be revolutionary! But until then, defenders face more challenges from poorly managed systems than from AI-powered attacks. Defenders need more GPU cycles… and maybe…

4 weeks ago

Dental Software Drama: Panoramic Imaging Flaw Gives Hackers a Toothy Grin!

View CSAF: Varex Imaging’s Panoramic Dental Imaging Software is vulnerable to a laughably low attack complexity flaw. With a CVSS v4 score of 8.5, it’s like leaving your front door open and wondering why you have unexpected guests. The fix? A patch—what a shocker! Download now, before your dental software gets more action than your…

4 weeks ago

DICOM Drama: Out-of-Bounds Write Vulnerability Crashes the Party!

Grassroots’ DICOM library has sprung a leak, exposing an out-of-bounds write vulnerability. Opening a malicious DICOM file could crash the application faster than you can say “pixel data.” With a CVSS v4 score of 6.8, it’s time to update to v3.2.2 or later. Stay secure and keep your DICOM files drama-free!

4 weeks ago

CISA’s CPG 2.0: Supercharging Cybersecurity for Critical Infrastructure

CISA has rolled out Cross-Sector Cybersecurity Performance Goals 2.0, bringing new cybersecurity standards to critical infrastructure. By aligning with the latest frameworks, CPG 2.0 focuses on governance, accountability, and risk management. Because who knew saving the world from cyber threats was just a checkbox away?

4 weeks ago

OpenPLC_V3’s CSRF Crisis: When Your PLC Gets Hijacked for a Ride!

View CSAF: Attention, ladies and gentlemen! OpenPLC_V3 has a vulnerability called Cross-Site Request Forgery (CSRF). Think of it as an invitation for malicious programs to crash the PLC party and change settings. Remember, folks, updating to pull request #310 is like uninviting a vampire from your home. Stay safe, stay updated!

4 weeks ago

Siemens Security SNAFU: Gridscale X Prepay Vulnerabilities Exposed!

CISA will stop updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory from January 10, 2023. For the latest on Siemens product vulnerabilities, rely on Siemens’ ProductCERT Security Advisories. So, if you want to keep your grid in check, Siemens has got your back—just not through CISA!

4 weeks ago

Siemens Security Snafu: Low Complexity, High Risk – Time to Update!

Attention Siemens Energy Services users: CISA is bowing out of updating security advisories on Siemens vulnerabilities. Keep your systems secure by checking Siemens’ ProductCERT for the latest info. Remember, a USB stick could reset your admin password faster than you can say “oops!” Stay vigilant and update to the latest software version.

4 weeks ago

Siemens Security Snafu: When Building X Becomes Hacker Heaven!

Siemens’ devices face a cryptographic vulnerability that could allow a firmware fiasco of malicious proportions. The Building X – Security Manager Edge Controller is the star of the show, but not in a good way. Siemens recommends keeping the firmware party guest list exclusive to prevent any unwanted intruders.

4 weeks ago

Siemens Security Slip-Up: Remote Server Vulnerabilities Unmasked!

CISA will stop updating ICS security advisories for Siemens product vulnerabilities post-initial advisory. For the latest on Siemens vulnerabilities, check Siemens’ ProductCERT Security Advisories. Remember, updating your SINEMA Remote Connect Server is not just a suggestion—it’s a “server-ly” serious business!

4 weeks ago

Siemens Security Snafu: Man-in-the-Middle Vulnerability Exposes Critical Infrastructure Worldwide

Brace yourselves, Siemens fans! CISA is ditching their updates on Siemens product vulnerabilities. For the latest scoop, head to Siemens’ ProductCERT Security Advisories. Remember, always keep your networks as secure as Fort Knox, and don’t let those hackers play man-in-the-middle with your systems!

4 weeks ago

Siemens Security Snafu: Remote Hackers Could Crash the Party!

As of January 2023, CISA will stop updating Siemens product vulnerability advisories. For the freshest scoop, check Siemens’ ProductCERT Security Advisories. This means Siemens is now your go-to guru for any vulnerability plot twists!

4 weeks ago

AzeoTech DAQFactory’s Vulnerability Circus: A Buffet of Buffer Overflows and More!

View CSAF: AzeoTech’s DAQFactory software has vulnerabilities that could open the door to cyber hijinks. From out-of-bounds write to use-after-free, the flaws are like a hacker’s buffet. While no known exploits have hit the scene, updating to Release 21.1 is a smart move to keep your systems crash-free and code-execution-free!

4 weeks ago

iSTAR Ultra Vulnerability: Remote Control Comedy of Errors or Just a Security Nightmare?

Attention all building automation enthusiasts! Johnson Controls iSTAR Ultra models are having an OS Command Injection party, and uninvited hackers might just crash it! If your version is prior to 6.9.7.CU01 or 6.9.3, it’s time to upgrade. Keep your systems safe and sound or risk getting punk’d by cyber villains. View CSAF for the full…

4 weeks ago

iSTAR Ultra Alert: Unleash the Kraken of Cyber Vulnerabilities!

View CSAF: Johnson Controls’ iSTAR systems are facing a CVSS v4 score of 8.7 vulnerability. It’s like leaving your front door wide open and hoping no one notices. Update to the latest versions pronto and don’t let hackers RSVP to your security party!

4 weeks ago

New Vulnerability Alert: GeoServer Glitch Could Open Doors for Cyber Mischief!

CISA has added CVE-2025-58360 to its Known Exploited Vulnerabilities Catalog, because nothing says “Monday” like an OSGeo GeoServer vulnerability making federal agencies sweat like they’re in a sauna.

4 weeks ago

Warning: The 2025 CWE Top 25 Weaknesses That Could Blow Your System!

CISA and MITRE have unveiled the 2025 CWE Top 25 Most Dangerous Software Weaknesses, a list so crucial even your software’s bugs are scared. This list is key for organizations looking to bolster security measures, cut costs, and strengthen stakeholder trust. Prioritize these weaknesses to become the superhero your software deserves.

4 weeks ago

Ashen Lepus Unleashed: The Middle East’s Malware Maestro Strikes Again

In the Ashen Lepus saga, this Middle Eastern threat actor isn’t just playing hide and seek—they’ve mastered the art of blending in with the digital crowd! With their new AshTag malware suite, they’re stealthily targeting Arabic-speaking government entities. The comedic twist? Their lures are so consistent, they’re practically writing a geopolitical soap opera!

4 weeks ago

AI Adventure: How My Nucbox Became a Proxmox Powerhouse (with a Little Help from Gemma 3)

Ever thought your minicomputer had hidden talents? Meet my Nucbox K8 Plus, moonlighting as a Proxmox 9 server with a secret AI engine. Thanks to Gemma 3, it’s now a local AI whiz handling tasks like a pro. Who knew a tiny box could pack such a punch?

1 month ago

When Cybersecurity is a Breeze: Navigating a Green Threat Level Day!

Join Guy Bruneau at the Internet Storm Center, where the threat level is green, but the excitement is red-hot! Dive into the world of network monitoring and threat detection from December 15th to 20th, 2025. Unleash your inner Sherlock and discover what’s lurking in the digital shadows!

1 month ago
The Nimble Nerd