A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to inject unauthorised digital certificates via an unprotected NVRAM variable. This flaw enables the execution of arbitrary firmware during the early boot process.

A new malware, DslogdRAT, was deployed via a zero-day vulnerability in Ivanti Connect Secure during targeted attacks in Japan. The malware was installed using a Perl-based CGI web shell and exhibits advanced command-and-control capabilities.

Multiple critical vulnerabilities have been identified in Schneider Electric's Sage Series Remote Terminal Units (RTUs), potentially allowing remote attackers to compromise device integrity, availability, and confidentiality.

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products.

Twelve out of the top 15 vulnerabilities were addressed last year, highlighting the importance of patching security flaws before they are exploited. The list included vulnerabilities in products from companies like Citrix, Cisco, Fortinet, and more.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance collaboration in combating cyber threats to critical infrastructure.

The joint cybersecurity advisory warned of Iranian cyber actors using brute force and other methods to compromise organizations, particularly in critical sectors such as healthcare, government, IT, engineering, and energy.

The CISA and FBI released the Product Security Bad Practices catalog to improve software security, especially in critical infrastructure. The document identifies risky software development practices and provides guidelines to mitigate these risks.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding three critical security vulnerabilities affecting various software, including Microsoft Windows, Mozilla Firefox, and SolarWinds Web Help Desk.

The Pioneer Kitten attackers are monetizing their access to compromised organizations' networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces.