CERT-EU

#CERTEU
#CTI
#Framework

🚀 Today, CERT-EU is publishing https://lnkd.in/e6BhqkY5
its Cyber Threat Intelligence Framework https://lnkd.in/eGvPgHv8,
a reference we share with our constituents to classify, assess, and prioritise malicious cyber activity affecting Union entities and their ecosystem. It introduces shared CTI concepts and a clear scoring approach to support consistent reporting, alerting, and prioritisation across CERT-EU products, including Cyber Briefs and the TLR Year in Review. 🇪🇺 We are publishing it openly to increase transparency on how we structure and prioritise CTI, and to invite feedback from peers and cybersecurity professionals to further refine and strengthen it. 🦾

🤝🛡️ We welcome your feedback, suggestions, and practical observations at
services@cert.europa.eu to help us continuously improve the framework for the whole community.

#CybersecurityRegulation
#AnnualReport

🚀 Exciting Developments in EU Cybersecurity! 🚀

The 2025 report from the Interinstitutional Cybersecurity Board (IICB) has just dropped, and it's already creating waves in Brussels. 📈 With Regulation (EU) 2023/2841 in its second year, Union entities have achieved significant milestones in strengthening their cybersecurity frameworks.

🔒 Key Highlights:

▪️ Establishing robust cybersecurity risk-management frameworks

▪️Assessing cybersecurity maturity levels

▪️Tailoring measures to manage cybersecurity risks

▪️Leveraging the FREIA framework contract for trusted service outsourcing

CERT-EU continues to play a critical role in defending against advanced threats, identifying over thirty malicious actors targeting Union entities. As the threat landscape becomes more complex, our collective resilience is paramount.

Don't miss out—grab a cup of your favorite beverage and dive into the IICB report to discover how these efforts are keeping our Union strong and secure for the future. 🛡️

https://www.cert.europa.eu/blog/another-year-another-blast

Critical Vulnerability in Cisco Secure Email and Web Manager (CERT-EU Security Advisory 2025-042)

On December 17, 2025, Cisco released a security advisory for a critical vulnerability affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products.
It is recommended to follow Cisco's recommendations to check whether vulnerable appliances have been compromised, and to remediate the issue. There is no patch available for this vulnerability yet.

https://www.cert.europa.eu/publications/security-advisories/2025-042/

Critical Security Vulnerability in React Server Components (CERT-EU Security Advisory 2025-041)

On December 3, 2025, the React Team publicly disclosed a critical security vulnerability affecting React Server Components (RSC) and related packages. The vulnerability allows for unauthenticated remote code execution (RCE) via maliciously crafted HTTP requests.
It is recommended to update all affected component packages and any frameworks that integrate them.

https://www.cert.europa.eu/publications/security-advisories/2025-041/

UPDATE: Critical Vulnerabilities in Cisco ASA and FTD (CERT-EU Security Advisory 2025-036)

On September 25, 2025, Cisco released several security advisories addressing 3 vulnerabilities, 2 of which are critical. Cisco warns that some of those vulnerabilities are exploited in the wild and assesses with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 2024.
It is recommended running compromise assessment on Internet facing vulnerable devices, and update as soon as possible.

https://www.cert.europa.eu/publications/security-advisories/2025-036/

Critical Vulnerabilities in Cisco ASA and FTD (CERT-EU Security Advisory 2025-036)

On September 25, 2025, Cisco released several security advisories addressing 3 vulnerabilities, 2 of which are critical. Cisco warns that some of those vulnerabilities are exploited in the wild and assesses with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 2024.
It is recommended running compromise assessment on Internet facing vulnerable devices, and update as soon as possible.

https://www.cert.europa.eu/publications/security-advisories/2025-036/

High Vulnerability in Cisco IOS and IOS XE Software (CERT-EU Security Advisory 2025-035)

On September 24, 2025, Cisco released a security advisory regarding a high severity vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software. The vulnerability is being exploited in the wild.
It is recommended updating as soon as possible and conduct a compromise assessment on devices that are exposing SNMP on the Internet. It is also recommended not allowing access to SNMP over untrusted network (i.e. on the Internet).

https://www.cert.europa.eu/publications/security-advisories/2025-035/

Multiple Vulnerabilities in Microsoft Products (CERT-EU Security Advisory 2025-032)

On August 13, 2025, Microsoft released its August 2025 Patch Tuesday advisory addressing 111 security flows in various products among which 16 are rated as critical.
It is recommended updating as soon as possible, prioritising public facing and critical assets.

https://www.cert.europa.eu/publications/security-advisories/2025-032/

Multiple Vulnerabilities in Fortinet Products (CERT-EU Security Advisory 2025-031)

On August 12, 2025, Fortinet released security advisories addressing several vulnerabilities, including a critical one exploited in the wild, and two high severity ones.
It is recommended updating as soon as possible.

https://www.cert.europa.eu/publications/security-advisories/2025-031/

UPDATE: High Severity Vulnerability in Microsoft Exchange (CERT-EU Security Advisory 2025-030)

On August 6, 2025, Microsoft issued an advisory for a high-severity vulnerability affecting Microsoft Exchange hybrid environments. The vulnerability tracked as CVE-2025-53786 allows an attacker with administrative access to an on-premises Exchange Server to escalate privileges into the connected Exchange Online environment. The vulnerability can impact the confidentiality, integrity, and availability of affected systems.

https://www.cert.europa.eu/publications/security-advisories/2025-030/

High Severity Vulnerability in Microsoft Exchange (CERT-EU Security Advisory 2025-030)

On August 6, 2025, Microsoft issued an advisory for a high-severity vulnerability affecting Microsoft Exchange hybrid environments. The vulnerability tracked as CVE-2025-53786 allows an attacker with administrative access to an on-premises Exchange Server to escalate privileges into the connected Exchange Online environment. The vulnerability can impact the confidentiality, integrity, and availability of affected systems.

https://www.cert.europa.eu/publications/security-advisories/2025-030/

Possible Zero-Day Vulnerability in SonicWall Products (CERT-EU Security Advisory 2025-029)

On August 4, 2025, SonicWall issued an advisory regarding a possible zero-day vulnerability in the Gen 7 SonicWall firewalls. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected appliance. This vulnerability is being exploited in the wild.
It is recommended to disable SSLVPN Services as soon as possible.

https://www.cert.europa.eu/publications/security-advisories/2025-029/

#CERTEU
#ENISA
#CSIRT
#vulnerability

https://cert.europa.eu/blog/sharepoint-vulnerabilities-joint-statement

Critical Vulnerabilities in Microsoft SharePoint (CERT-EU Security Advisory 2025-027)

On July 19, 2025, Microsoft released an out-of-bound advisory addressing two vulnerabilities, one of which being rated as critical and allowing unauthenticated remote attacker to execute arbitrary code on vulnerable systems. This critical flaw is actively being exploited in the wild since at least 18th of July 2025.
It is recommended isolating vulnerable system from the Internet, but also from internal systems, and running a compromise assessment before updating.

https://www.cert.europa.eu/publications/security-advisories/2025-027/

What has kept us busy in the past year? What did we, together with the IICB, achieve? But also: what are the challenges that are currently right in front of us? 🧐

Answers to these questions, and to many more you might have, can be found in the Annual Report of the IICB (Interinstitutional Cybersecurity Board). Have a read! 👇

https://www.cert.europa.eu/blog/first-year-in-the-bag-many-more-to-come

Only 2 weeks left to submit your talk for the Technical Track at CERT-EU's Annual Conference. Send your proposal by 28 April and take part in our Flagship Event, this year’s theme Never Gonna Breach You Up.

Follow the link

https://www.cert.europa.eu/conference/never-gonna-breach-you-up/announcement

to submit your participation and help make "Never Gonna Breach You Up" an exceptional edition.

#CyberSecurity, #CERTEU, #Conference, #CallForProposals

Critical Vulnerability in Ivanti Products (CERT-EU Security Advisory 2025-016)

On April 4, 2025, Ivanti released a security advisory regarding a critical vulnerability affecting their products. The vulnerability is known to be exploited in the wild. The vulnerability has been fixed in the February 2025 release and was initially identified as a product bug.
CERT-EU recommends upgrading to a supported and fixed version of Ivanti products as soon as possible. CERT-EU also recommends reviewing forensic evidence to detect any signs of exploitation.

https://www.cert.europa.eu/publications/security-advisories/2025-016/

Critical vulnerability in CrushFTP (CERT-EU Security Advisory 2025-015)

In April 2025, information about an easy-to-exploit critical vulnerability affecting CrushFTP was made public. It is recommended updating affected server as soon as possible.
Proof of concepts are available, and the vulnerability is being exploited in the wild.

https://www.cert.europa.eu/publications/security-advisories/2025-015/

Critical Vulnerability in Apache Tomcat (CERT-EU Security Advisory 2025-014)

On March 10, 2025, Apache released a security advisory regarding a critical vulnerability affecting the Apache Tomcat product.
It is recommended updating the affected assets to a fixed version of Apache Tomcat.

https://www.cert.europa.eu/publications/security-advisories/2025-014/

Don't miss your chance to contribute to CERT-EU's Annual Conference 2025! The Conference will take place in Brussels on 2-3 October, and our Call for Proposals for the Technical Track is still open until April 28th. Share your insights and expertise and help make "Never Gonna Breach You Up" an exceptional edition. Submit now: https://cert.europa.eu/conference/never-gonna-breach-you-up/announcement #CyberSecurity #CERTEU #Conference #CallForProposals