URL: https://circl.lu/

CIRCL - Computer Incident Response Center Luxembourg - CSIRT - CERT


The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to gather, review, report and respond to computer security threats and incidents.

OUR SERVICES

MISP Threat Intelligence Sharing Platform and Private Sharing Communities

Dynamic Malware Analysis (DMA)

Clean documents from untrusted USB keys / sticks

Database storing historical DNS records

Recent highlights

CIRCL’s Coordinated Vulnerability Disclosure (CVD) process is now published, reflecting the enforcement of NIS 2 in Luxembourg and CIRCL’s role as the national CVD coordinator and trusted intermediary for vulnerability reporting and coordination. - 20th May 2026

CIRCL is now a CVE Numbering Authority (CNA) under the ENISA CVE Root, enabling CIRCL to assign CVE IDs and publish CVE Records within its scope. - 20th May 2026

TR-98 - Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) - Active Exploitation - 9th February 2026

TR-97 - Supply Chain Compromise Propagating Through the npm Ecosystem (Shai-Hulud) - 28th October 2025

TR-96 - Multiple Vulnerabilities in F5 Devices and Products - Impact and Mitigation - 16th October 2025

TR-95 - Critical vulnerability - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. CVE-2025-53770 - CVE-2025-53771 - 20th July 2025

CIRCL - Virtual Summer School (VSS) 2025 - 1st July 2025

Coordinated Vulnerability Disclosure (CVD) Policy - 18th June 2025

TR-93 - Financial transaction fraud after system compromise via Remote Management and Monitoring tools - 26th February 2025

TR-92 - Unused Domain Names and the Risks of Missing DNS SPF Records - 22nd January 2025

TR-88 - Motivation, procedure and rationale for leaked credential notifications - 29th August 2024

Learning from the Recent Windows/Falcon Sensor Outage - Causes and Potential Improvement Strategies in Linux with Open Source - 23rd July 2024

TR-87 - CrowdStrike Agent causing BSOD loop on Windows - Faulty Update on Falcon Sensor - 19th July 2024

TR-86 - Check Point VPN Information Disclosure (CVE-2024-24919) - Actively Exploited - 31st May 2024

TR-85 - Three vulnerabilities in Cisco ASA software/appliance and FTD software being exploited - 25th April 2024

TR-84 - PAN-OS (Palo Alto Networks) OS Command Injection Vulnerability in GlobalProtect Gateway - CVE-2024-3400 - 12th April 2024

TR-82 - backdoor discovered in xz-utils - CVE-2024-3094 - 30th March 2024

Cybersecurity Unites Across Borders - FETTA Project Launched to Strengthen EU Cyber Threat Intelligence - 31st January 2024

TR-78 - CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways - 11th January 2024

TR-77 - Spear phishing and voice call scams targeting corporate executives and their accounting department - 30th August 2023

TR-76 - Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS - 14th August 2023

TR-75 - Unauthenticated remote code execution vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) - CVE-2023-3519 - 21st July 2023

TR-74 - A heap-based buffer overflow vulnerability [CWE-122] in FortiOS - CVE-2023-27997 - 5th July 2023

TR-73 - Ransomware FAQ - 7th March 2023

TR-72 - Vulnerable Microsoft Exchange server metrics leading to alarming situation - 21st February 2023

TR-70 - Vulnerabilities in Microsoft Exchange CVE-2022-41040 - CVE-2022-41082 - 30th September 2022

New online service - Pandora Document and File Analysis - 7th March 2022

TR-68 - Best practices in times of tense geopolitical situations - 1st March 2022

TR-65 - Vulnerabilities and Exploitation of Log4j (Remote code injection in Log4j)

TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders - 10th November 2021

CIRCL hash lookup is a public API to look up hash values against a database of known files. - 8th July 2021

TR-61 - Critical vulnerabilities in Microsoft Exchange - 11th March 2021

TR-58 - CVE-2020-0796 - Critical vulnerability in Microsoft SMBv3 - status and mitigation - 11th March 2020

TR-54 - Sextortion scam emails - I know your password - 2nd August 2018

Meltdown and Spectre Bugs in modern computers leak passwords and sensitive data - 3rd January 2018

TR-50 - WPA2 handshake traffic can be manipulated to induce nonce and session key reuse - 16th October 2017

TR-49 - CVE-2017-7494 - A critical vulnerability in Samba - remote code execution from a writable share - 26th May 2017

MS17-010 is critical and patches MUST BE applied, including on EOL Windows. - 12th May 2017

TR-46 - Information Leaks Affecting Luxembourg and Recommendations (regularly updated) - 22nd December 2016

TR-42 - CVE-2015-7755 - CVE-2015-7756 - Critical vulnerabilities in Juniper ScreenOS - 21st December 2015

TR-41 (fr) - Crypto Ransomware - Défenses proactives et réponse sur incident - 1st December 2015

TR-41 - Crypto Ransomware - Proactive defenses and incident response - 1st December 2015

TR-38 (fr) - Attaques visant les solutions bancaires d'entreprise - Recommandations - 28th May 2015

TR-38 - Attacks targeting enterprise banking solutions - recommendations and remediations - 19th May 2015

TR-37 - VENOM / CVE-2015-3456 - Critical vulnerability in QEMU Floppy Disk Controller (FDC) emulation - 14th May 2015

TR-36 - Example setup of WordPress with static export - Another approach to secure your WordPress CMS - 29th April 2015

TR-33 - Analysis - CTB-Locker / Critroni - 18th February 2015

A new wave of crypto ransomware targeting Luxembourg - Une nouvelle vague de ransomware cible le Luxembourg - 5th February 2015

glibc: buffer overflow in gethostbyname - 27th January 2015

NTP (Network Time Protocol) daemon - ntpd - critical vulnerabilities - 22nd December 2014

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, is vulnerable to a critical padding oracle attack - CVE-2014-3566

TR-27 - GNU Bash Critical Vulnerability - CVE-2014-6271 - CVE-2014-7169 - 24th September 2014

CIRCL warns about spear phishing scams targeting corporate executives and their accounting department - 14th September 2014


Latest CIRCL tweets

  • RT @MISPProject: New MISP workflow blueprint has been added to tag ASN based on @circl_lu BGP ranking service available on https://t.co/Kad… 2022-11-15 08:20:39
  • The MeliCERTes project is concluding after 3 years of hard work to create an open platform to collaborate on cyber… https://t.co/a5ZXDDwQOi https://twitter.com/i/web/status/1591074624250343424 2022-11-11 14:25:25
  • RT @LU_CIX: Join us next week at the #Luxembourg #Internet Days for the speech of Jean-Louis HUYNEN from @circl_lu on how to model and shar… 2022-11-10 10:10:57
  • "Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516" One of the C… https://t.co/JkpigsMiDw https://twitter.com/i/web/status/1590326328553013248 2022-11-09 12:51:58
  • RT @MISPProject: A huge thank to all participants, organisers and speakers at @FIRSTdotOrg #FIRSTCTI22 in Berlin. It was a blast. Our MISP… 2022-11-09 11:44:23
  • RT @campuscodi: The Microsoft November 2022 Patch Tuesday updates are out. 68 vulnerabilities fixed. Also, 4 zero-days: -CVE-2022-41128, J… 2022-11-09 11:24:47
  • RT @virusbtn: The Zimperium zLabs team write about the architecture and modus operandi of the Cloud9 malicious browser extension. https://t… 2022-11-09 11:24:26