View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: METZ CONNECT Equipment: EWIO2 Vulnerabilities: Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2.…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 4PM Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 3EM Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3.…
Valve just announced the Steam Machine, a living room PC/console to compete with the Xbox and PlayStation. But Valve already has a living room gaming station! It’s called the Steam Deck and all you need…
Earlier this month, security guru Troy Hunt added a staggering two billion unique email addresses and 1.3 billion unique passwords to his Have I Been Pwned and Pwned Passwords databases. Aggregated by Synthient, the data…
If you thought we were going to get out of November without an iPhone sales failure, well, you thought wrong. The Wall Street Journal goes so far as to drop an F-bomb on the iPhone…
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response…
Nov 18, 2025Ravie LakshmananMalware / Web Security Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims…
Nov 18, 2025Ravie LakshmananIoT Security / Botnet Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 15.72 terabits per second (Tbps)…