H-ISAC: White Reports

On September 17, 2025, WatchGuard released a security advisory regarding a critical vulnerability, tracked as CVE-2025-9242.
SonicWall has disclosed a security incident in which threat actors gained unauthorized access to backup firewall preference files stored in its cloud service,
On September 11, 2025, Okta discovered a sophisticated Phishing-as-a-Service framework named VoidProxy. Due to its evasive capabilities and modular design, it has emerged as a significant threat.
 The following information is being provided by the FBI, with no guarantees or warranties, for potential use at the sole discretion of recipients to protect against cyber threats. This data is provided in order to help cyber security professionals and system administrators to guard against the…
FS-ISAC has released several white papers discussing AI best practices.
This week, Health-ISAC®'s Hacking Healthcare® examines evidence that the HIPAA Security Rule effort launched at the end of the Biden administration may be moving ahead under the Trump administration and more.
On August 26, 2025, Citrix released a security bulletin (CTX694938) to address three critical vulnerabilities affecting its NetScaler ADC and NetScaler Gateway products: CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424.
A highly sophisticated Russian state-sponsored cyber espionage group, known as Static Tundra, has been targeting organizations of strategic interest within critical infrastructure verticals.
On August 15, 2025, exploit code was released that chains two critical vulnerabilities in SAP NetWeaver’s Visual Composer to bypass authentication and achieve remote code execution.