CISA released ten Industrial Control Systems (ICS) advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-162-01 Siemens Tecnomatix Plant Simulation ICSA-25-162-02 Siemens RUGGEDCOM APE1808 ICSA-25-162-03 Siemens SCALANCE and RUGGEDCOM…
Category: EN
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
AVEVA PI Web API
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.5 ATTENTION: Exploitable remotely Vendor: AVEVA Equipment: PI Web API Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 3. TECHNICAL…
DragonForce Ransomware Group – The Rise of a Relentless Cyber Threat in 2025
The cybersecurity landscape has witnessed the emergence of increasingly sophisticated ransomware operations, with DragonForce standing out as a particularly concerning threat actor that has evolved from politically motivated attacks to large-scale financial extortion campaigns. DragonForce ransomware group launched in 2023…
Cloudflare Warns of DDoS Attacks Targeting Journalists and News Organizations
Cybersecurity firm Cloudflare has issued a stark warning about the escalating threat landscape facing independent media organizations worldwide, revealing that journalists and news outlets have become the primary targets of sophisticated distributed denial-of-service (DDoS) attacks. The company’s latest Project Galileo…
Threat Actors Exploiting Expired Discord Invite Links to Deliver Multi-Stage Malware
Cybercriminals have discovered a sophisticated new attack vector that exploits a critical flaw in Discord’s invitation system, allowing them to hijack expired invite links and redirect unsuspecting users to malicious servers hosting advanced malware campaigns. This emerging threat leverages the…
Cyber resilience begins before the crisis
Hear directly from Microsoft’s Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents. The post Cyber resilience begins before the crisis appeared first on Microsoft Security Blog. This article has been indexed from…
What’s New in Tripwire Enterprise 9.3?
Protecting your organization from cyber threats and meeting compliance requirements is simpler than ever with the new Tripwire Enterprise 9.3 release, which includes the following enhancements: IPv6 Support IPv6-Only Support: Now fully compatible with environments that operate exclusively on IPv6.…
New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: Tracking code that…
Airlines Secretly Selling Passenger Data to the Government
This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the…
Reimagining Integrity: Why the CIA Triad Falls Short
For decades, the CIA Triad of Confidentiality, Integrity, and Availability has been the bedrock framework of information security. While it serves as a conceptual guiding light, its simplicity and vagueness leave room for a tremendous amount of ambiguity, especially when…
Here’s How ‘Alert Fatigue’ Can Be Combated Using Neuroscience
Boaz Barzel, Field CTO at OX Security, recently conducted research with colleagues at OX Security and discovered that an average organisation had more than half a million alerts at any given time. More astonishing is that 95% to 98%…
Kettering Health Ransomware Attack Linked to Interlock Group
Kettering Health, a prominent healthcare network based in Ohio, is still grappling with the aftermath of a disruptive ransomware attack that forced the organization to shut down its computer systems. The cyberattack, which occurred in mid-May 2025, affected operations…
WhatsApp Supports Apple In Legal Battle With UK Government
Meta’s messaging platform WhatsApp publicly supports Apple in its legal battle against the UK’s Home Office This article has been indexed from Silicon UK Read the original article: WhatsApp Supports Apple In Legal Battle With UK Government
How Security Engineers Can Help Build a Strong Security Culture
In today’s fast-paced world, organizations face increasing cyber threats that can compromise their operational integrity, erode customer trust, and jeopardize financial stability. While it’s crucial to have advanced security technologies in place, many organizations overlook the importance of cultivating a…
Scientists just took a big step toward the quantum internet
A team of Danish and German scientists has launched a major project to create new technology that could form the foundation of the future quantum internet. They re using a rare element called erbium along with silicon chips like the…
Palo Alto Networks PAN-OS Vulnerability Enables Admin to Execute Root User Actions
A critical command injection vulnerability in Palo Alto Networks PAN-OS operating system enables authenticated administrative users to escalate privileges and execute commands as the root user. Designated as CVE-2025-4231, this medium-severity vulnerability affects multiple versions of the company’s firewall operating…
OpenPGP.js Vulnerability Let Attackers Spoof Message Signature Verification
A critical vulnerability in the widely-used OpenPGP.js library has been discovered that allows attackers to forge digital signatures and deceive users into believing malicious content was legitimately signed by trusted sources. The flaw, designated CVE-2025-47934, represents a fundamental breach of…
Threat Actors Leverages DeepSeek-R1 Popularity to Attack Users Running Windows Devices
Cybercriminals have begun exploiting the surge in popularity of DeepSeek-R1, one of the most sought-after large language models currently available, to distribute a sophisticated new malware strain targeting Windows users. The malicious campaign uses the artificial intelligence chatbot’s growing demand…
Microsoft Outlook’s New Two-Click View for Encrypted Emails Protects You From Accidental Exposure
Microsoft is set to launch a significant security enhancement for Outlook users across multiple platforms. Starting April 2025, the company will roll out a new two-click verification feature for encrypted emails, requiring users to confirm their intent to access sensitive…