View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Mobile Web Application for OpenBlue Workplace Vulnerability: Direct Request (‘Forced Browsing’) 2. RISK EVALUATION Successful exploitation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SolisCloud Equipment: Monitoring Platform (Cloud API & Device Control API) Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works2 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could open project…
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) launched a new Industry Engagement Platform (IEP) today designed to facilitate structured, two-way communication between the agency and companies developing innovative and security technologies. The IEP…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MAXHUB Equipment: MAXHUB Pivot Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Canadian Centre for Cyber Security (Cyber Centre) unveiled a malware analysis report on BRICKSTORM, a sophisticated backdoor for VMware vSphere…
Dec 04, 2025Ravie LakshmananCybersecurity / Hacking News Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a…
Back in September, when macOS 26 Tahoe arrived for download on my MacBook, I installed it along with millions of other people. I didn’t give it a second thought—I have an M3 Max MacBook Pro…
![5 Threats That Reshaped Web Security This Year [2025]](https://i1.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ51hMVtHfFQ2O7pCZYfK5WkypXg1Qury_AA_VudY5f_n7u8S8M4UJAy76w7DM1aBq1faDyuaOO4VJP7bIj1L1-AgNzZjQf0-kZlhU6kH-G4qDMkZFF_7YsL3v5R6d9PkpJcTegD7H01BySWNNs-m5toA_DTqVSVs-sCeLm5n1zJuLzs1_erWdl8asq4k/s790-rw-e365/reflectiz.jpg?w=930&resize=930,620&ssl=1 "5 Threats That Reshaped Web Security This Year [2025]")
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands…
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since…