BLOG

Vulnerability in Microsoft Windows Server Update Services

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute … Continue reading Vulnerability in Microsoft Windows Server Update Services
Sat, 25 Oct 2025 16:52:45 +0000

Oracle Quarterly Critical Patches

Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Threat Intelligence Watchtowr reports CVE-2025-61882 and CVE-2025-61884 were exploited in the recent wave of Cl0p data theft attacks and subsequent extortion campaign. Systems Affected Risk Government:– Large and medium government entities: High– Small government entities: High … Continue reading Oracle Quarterly Critical Patches
Thu, 23 Oct 2025 19:53:07 +0000

Vulnerability in Oracle E-Business SuiteCould Allow for Remote Code Execution

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Oracle E-Business Suite, which could allow for remote code execution. Oracle E-Business Suite (EBS) is a comprehensive suite of integrated business applications that … Continue reading Vulnerability in Oracle E-Business SuiteCould Allow for Remote Code Execution
Wed, 22 Oct 2025 12:58:34 +0000

Ransomware Groups Continue to Push It to the Limit

Ransomware remains a persistent and ever-evolving threat to businesses of all sizes and sectors.  While the tactics, techniques, and procedures (TTPs) may vary, the end goal is often the same – a substantial payday. After months of silence, LockBit recently reemerged with an announcement of its “LockBit 5.0 Affiliate Program,” which grants its affiliates the ability … Continue reading Ransomware Groups Continue to Push It to the Limit
Wed, 22 Oct 2025 12:55:59 +0000

Salt Typhoon APT: A Strategic Threat Assessment

Salt Typhoon continues to target US critical infrastructure through sustained and coordinated cyber operations. The group, an advanced persistent threat (APT) linked to the People’s Republic of China (PRC), focuses much of its activity in communications, government, and defense. These intrusions enable the theft of sensitive national security information while advancing China’s efforts to expand … Continue reading Salt Typhoon APT: A Strategic Threat Assessment
Wed, 22 Oct 2025 12:55:10 +0000

NYMJCSC 2025 – October 30th

The 2025 NY Metro Joint Cyber Security Conference is in the planning stage, celebrating our 12th year featuring keynotes, panels and sessions aimed at educating everyone on the various aspects of information security and technology. Workshops featuring in-depth extended classroom-style educational courses to expand your knowledge and foster security discussions will take place virtually post-conference. We are … Continue reading NYMJCSC 2025 – October 30th
Wed, 22 Oct 2025 12:53:40 +0000

Vulnerabilities in F5 Devices

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5. A nation-state affiliated cyber threat actor has compromised … Continue reading Vulnerabilities in F5 Devices
Wed, 22 Oct 2025 12:50:45 +0000

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create … Continue reading Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Wed, 22 Oct 2025 12:50:01 +0000

Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, … Continue reading Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – PATCH NOW
Wed, 22 Oct 2025 12:49:19 +0000

Critical Patches Issued for Microsoft Products, October 14, 2025 – PATCH NOW

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Continue reading Critical Patches Issued for Microsoft Products, October 14, 2025 – PATCH NOW
Wed, 22 Oct 2025 12:48:23 +0000

© 2000 Interactive Security Training, LLC - All Rights Reserved.