Security Issues, Vulnerabilities, Exploits & Government Alerts
Feb 21, 2025Ravie LakshmananSurveillance / Content Monitoring An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in…
Feb 21, 2025Ravie LakshmananDark Web / Cybercrime The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand’s legitimate…
Feb 21, 2025The Hacker NewsIdentity Security / Threat Prevention In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime.…
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise…
Feb 21, 2025Ravie LakshmananNetwork Security / Vulnerability Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate…
Feb 21, 2025Ravie LakshmananWeb Security / Vulnerability A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities…
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment,…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Missing Origin…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious…