H-ISAC: White Reports

On April 3, 2025, Ivanti released a security advisory regarding the active exploitation of a critical security flaw affecting vulnerable Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA gateway products.
A critical vulnerability, tracked as CVE-2025-2825, affecting CrushFTP is actively being exploited following the release of proof-of-concept exploit code.
On March 23, 2025, a critical vulnerability in Next.js middleware was disclosed and tracked as CVE-2025-29927.
On March 20, 2025, the Health-ISAC Threat Intelligence Committee (TIC) evaluated the current Cyber Threat Level and collectively decided to maintain the Cyber Threat Level at Yellow (Elevated).
This week, Health-ISAC®'s Hacking Healthcare® examines a new report from the European Union Agency for Cybersecurity (ENISA) to assess what it says about the cybersecurity maturity and criticality of various sectors in the EU.
On March 5, 2025, Elastic released a security update to fix a critical vulnerability in Kibana, data visualization dashboard software.
From March to November 2024, Health-ISAC held ten workshops as part of the Discussion Based Exercise Series, involving over 100 member organizations, potential members, and strategic partners.
On March 5, 2025, Microsoft released a report identifying Silk Typhoon’s evolving tactics.
This week, Health-ISAC®'s Hacking Healthcare® examines a new policy shift that will affect how the public is able to interact with new rulemaking efforts coming out of the United States' Department of Health and Human Services. Join us as we break down what the new policy statement says and how it…
On March 4, 2025, Broadcom released an advisory (VMSA-2025-0004) prompted by the Microsoft Threat Intelligence Center’s disclosure of multiple, actively exploited, zero-day vulnerabilities affecting VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform solutions.