CISA released an analysis of FY21 risk and vulnerability assessments explaining successive tactics an attacker could take to compromise an organization through exploiting vulnerabilities.

Sources: CISA Analysis, CISA

The Mitsubishi Electric MELSEC iQ-F Series contains an improper input validation vulnerability.

Sources: Mitsubishi Electric, CISA

The Internet Systems Consortium (ISC) released a security advisory for a vulnerability found in BIND that could allow an attacker to cause a denial-of-service condition.

Sources: ISC, CISA

CISA issued an Emergency Directive and released a CSA due to the active exploitation of multiple vulnerabilities in VMware products.

Sources: CISA Emergency Directives, CISA, CISA CSA

CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint CSA due to the active exploitation of a vulnerability that affects F5 Networks BIG-IP devices.

Sources: CISA, CISA

Apple released security updates for multiple products due to vulnerabilities that could lead an attacker to gain control of affected systems.

Sources: Apple, CISA

Cybersecurity authorities of the U.S., Canada, New Zealand, the Netherlands and the U.K. released a joint CSA on 10 routinely exploited vulnerabilities and how to mitigate them.

Sources: Joint CSA, CISA

CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Sources: Known Exploited Vulnerabilities Catalog, CISA

Apache released a security advisory for Tomcat due to a vulnerability that could lead to an attacker obtaining sensitive information.

Sources: Apache, CISA