On September 25, 2025, the CISA issued Emergency Directive ED 25-03, mandating all U.S. federal agencies to identify and mitigate potential compromises in all versions of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices.

Two OS command injection vulnerabilities were identified in Schneider Electric’s Saitel DR and DP Remote Terminal Units (RTUs). These flaws could allow local attackers to execute arbitrary shell commands via the BLMon Console during SSH sessions.

Multiple critical vulnerabilities have been identified in Hitachi Energy's Asset Suite platform (versions 9.6.4.5 and prior), originating from embedded open-source components. These vulnerabilities could lead to RCE, DOS, and other security risks.

Multiple critical vulnerabilities have been identified in Cognex In-Sight Explorer and In-Sight Camera Firmware, potentially allowing attackers to steal credentials, modify system configurations, or cause denial-of-service (DoS) conditions.

The stack-based buffer overflow?vulnerability could enable?local attackers to exploit these issues to potentially execute arbitrary code?while the end user opens a malicious project file (SSD file) provided by the attacker.

TrickBot uses person-in-the-browser attacks to steal information, such as login credentials. Some of TrickBot’s modules spread the malware laterally across a network by abusing the SMB protocol.

This joint advisory is the result of analytic efforts among the FBI, the CISA, and the Treasury to highlight the threat to cryptocurrency posed by North Korea and provide mitigation recommendations.