Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kaleris Equipment: Navis N4 Vulnerabilities: Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EVLink WallBox Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Input…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlID Equipment: iDSecure On-premises Vulnerabilities: Improper Authentication, Server-Side Request Forgery (SSRF), SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Parsons Equipment: AccuWeather and Custom RSS widget Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: MICROSENS Equipment: NMP Web+ Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Insufficient Session Expiration, Improper Limitation of a Pathname to a Restricted…
Jun 24, 2025Ravie LakshmananThreat Exposure Management I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three…
Jun 24, 2025Ravie LakshmananCloud Security / Cryptojacking Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. “Attackers are exploiting misconfigured Docker APIs…
Jun 24, 2025Ravie LakshmananData Protection / Mobile Security The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios.…
Jun 24, 2025Ravie LakshmananMalware / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages…
Jun 24, 2025Ravie LakshmananCyber Espionage / Chinese Hackers The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt…