H-ISAC: White Reports
This week, Health-ISAC®'s Hacking Healthcare® examines evidence that the HIPAA Security Rule effort launched at the end of the Biden administration may be moving ahead under the Trump administration, and more.
On August 26, 2025, Citrix released a security bulletin (CTX694938) to address three critical vulnerabilities affecting its NetScaler ADC and NetScaler Gateway products: CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424.
A highly sophisticated Russian state-sponsored cyber espionage group, known as Static Tundra, has been targeting organizations of strategic interest within critical infrastructure verticals.
On August 15, 2025, exploit code was released that chains two critical vulnerabilities in SAP NetWeaver’s Visual Composer to bypass authentication and achieve remote code execution.
On August 12, 2025, FortiGuard Labs published an advisory for a flaw in FortiWeb tracked as CVE-2025-52970.
On August 14, 2025, Cisco disclosed a critical remote code execution (RCE) vulnerability.
This week, Health-ISAC®'s Hacking Healthcare® examines the recent publication of a new version of the Cyber Assessment Framework (CAF), developed by the United Kingdom’s (U.K.) National Cyber Security Centre (NCSC).
On August 13, 2025, HORIZON3.ai security researchers published an Attack Blog regarding two high-severity vulnerabilities, CVE-2025-8355 and CVE-2025-8356, affecting Xerox FreeFlow Core version 8.0.4.
On August 12, 2025, FortiGuard Labs issued an advisory on a critical FortiSIEM flaw, tracked as CVE-2025-25256. According to the advisory, practical exploit code is available in the wild.
On August 5, 2025, Cisco Talos announced a wide range of vulnerabilities, collectively known as ReVault.