Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS products Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation of a Pathname…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ABB Equipment: Automation Builder Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…
In an effort to enhance user experience and highlight the most timely and actionable information for cyber defenders, CISA announced a shift in how we share cybersecurity alerts and advisories. We recognize this has caused…
May 13, 2025The Hacker NewsAI Security / Zero Trust The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate…
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end…
May 13, 2025Ravie LakshmananCybercrime / Ransomware Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. “He is wanted internationally for…
May 13, 2025Ravie LakshmananZero-Day / Vulnerability A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024.…
May 12, 2025Ravie LakshmananVulnerability / Endpoint Security ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve…
May 12, 2025Ravie LakshmananCybersecurity / Hacking News What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as…
Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing…