Search Results
The default setting for search results displays All Content. If you prefer to see recent content only, please adjust the date filter.
Filter your results:
Types
Topics
960 Results Found
H-ISAC TLP White Threat Bulletin: Active Exploitation of BeyondTrust CVE-2026-1731
Palo Alto Networks Unit 42 recently published a report detailing the active, in-the-wild exploitation of CVE-2026-1731. The vulnerability is a pre-authentication remote code execution (RCE) flaw affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA).
Threat actors are weaponizing this vulnerability to gain unauthorized control over appliances, facilitating broad malicious activities ranging from data theft to persistent network access. Users leveraging self-hosted instances of these products are urged to apply available patches to mitigate significant risk to operations.
Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk to this vulnerability.
H-ISAC TLP White Vulnerability Bulletin - BeyondTrust Disclosed Critical Flaw in Remote Support Software
On February 6, 2026, BeyondTrust released a security advisory, disclosing a critical pre-authentication Remote Code Execution (RCE) vulnerability tracked as CVE-2026-1731.
H-ISAC TLP White Vulnerability Bulletin PaperCut Vulnerability Exploitation April 24, 2023
On April 24, 2023, reports circulated about attackers exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software in order to compromise servers.
H-ISAC TLP White Active Exploitations of an Authentication Bypass Vulnerability
On January 15, 2026, a critical authentication bypass vulnerability, tracked as CVE-2026-24858, in FortiCloud SSO was discovered. It allows unauthenticated remote attackers to gain administrative access to Fortinet devices.
H-ISAC TLP White Threat Bulletin Active Exploitations of an 11-Year-Old Critical Telnetd Vulnerability (CVE-2026-24061)
On January 19, 2026, a security researcher, Kyu Neushwaistein (a.k.a. Carlos Cortes Alvarez), reported an 11-year-old critical vulnerability in telnetd, tracked as CVE-2026-24061.
H-ISAC TLP White Threat Bulletin: Emerging SMS/Voice OTP Toll Fraud via Account Sign-up and Patient Portal Flows
Health-ISAC is tracking an emerging fraud pattern where threat actors exploit SMS and voice One-Time Password (OTP) mechanisms used in account sign-up, patient portal enrollment, telehealth registration, and MFA flows.
H-ISAC TLP White Vulnerability Bulletin: Cisco Patches Identity Services Engine (ISE) Security Flaw (CVE-2026-20029)
On January 7, 2026, Cisco released security updates to address a medium-severity vulnerability, tracked as CVE-2026-20029, affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) network access control solutions.
H-ISAC TLP White Threat Bulletin: Active Exploitation of Critical HPE OneView RCE Flaw (CVE-2025-37164)
A maximum-severity vulnerability in HPE OneView, tracked as CVE-2025-37164, is being actively exploited in the wild.
H-ISAC TLP White Vulnerability Bulletin: Multiple Vulnerabilities Addressed in Veeam Backup & Replication Solution
On January 6, 2026, Veeam released security updates to address four vulnerabilities affecting its Backup & Replication solution.
H-ISAC TLP White Announcement Fall America Summit FDA Town Hall Recap
On December 2nd, the Health-ISAC Fall Americas Summit convened healthcare leaders and regulators to address the evolving medical device cybersecurity landscape.