// #cisa-advisory
5 articles
CISA ICS Advisory: Milesight AIOT Cameras Carry Five CVEs Including CVSS 9.8 Hard-Coded SSL Key Flaw
CISA advisory ICSA-26-113-03 covers five vulnerabilities across 18-plus Milesight AIOT camera model families, including a CVSS 9.8 flaw where all devices share a hard-coded factory SSL private key that cannot be changed. An attacker with the key — which is extractable from any unit — can conduct undetectable man-in-the-middle attacks against the entire deployed fleet. Organisations using Milesight cameras in operational technology or physical security environments should isolate these devices immediately.
DPRK's Sapphire Sleet Backdoors Axios npm Package: 100 Million Weekly Downloads at Risk
North Korea's Sapphire Sleet compromised an axios npm maintainer account on March 31, publishing backdoored versions 1.14.1 and 0.30.4 that delivered a cross-platform RAT during a three-hour exposure window. Axios has approximately 100 million weekly downloads. CISA issued Advisory AA26-110A on April 20 — organisations that ran npm installs during the window should treat their CI/CD pipeline as compromised and rotate all secrets immediately.
CVE-2026-6074: Unauthenticated Path Traversal in Intrado 911 Emergency Gateway Threatens PSAP Call Routing
CISA ICS advisory ICSA-26-113-06 discloses CVE-2026-6074, a CVSS 9.1 path traversal flaw in Intrado 911 Emergency Gateway versions 5.x–7.x that allows unauthenticated network access to read, write, and delete arbitrary files on the management interface. Exploitation could modify 911 call routing rules or disable emergency call processing. Intrado patched the flaw on March 2, 2026 and is directly contacting affected PSAP operators.
FIRESTARTER Backdoor Persists on Cisco Firepower Devices After Patching — Federal Agency Confirmed Victim
A joint CISA and NCSC advisory reveals FIRESTARTER, a sophisticated backdoor implanted on Cisco FTD and ASA firewalls that survives firmware updates and reimaging. At least one US federal agency is a confirmed victim. Defenders must verify device integrity rather than assume patching closed the access.
CISA Advisory: TPM 2.0 Out-of-Bounds Read in Siemens SIMATIC Industrial PCs (CVE-2025-2884)
CISA advisory ICSA-26-111-01 covers a TPM 2.0 out-of-bounds read vulnerability in Siemens SIMATIC CN 4100, Field PG M5/M6, and IPC BX series industrial computers. The flaw enables information disclosure or denial of service against the hardware root of trust, with direct implications for Secure Boot integrity and the trusted execution environment of industrial control systems.