Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PrismaSeT Active – Wireless Panel Server Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2.…
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Galaxy VS, Galaxy VL, Galaxy VXL Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: MB-Gateway Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker…
May 20, 2025The Hacker NewsPenetration Testing / Risk Management In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics,…
May 20, 2025Ravie LakshmananMalware / Cyber Espionage Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed…
May 20, 2025Ravie LakshmananLinux / Cryptojacking Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. “RedisRaider…
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer…
May 19, 2025Ravie LakshmananMalware / Supply Chain Attack The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. “Robware.net and RVTools.com are currently offline. We…
May 19, 2025Ravie LakshmananRansomware / Malware Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. “Skitnet has been…