Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate…
Category: EN
Android Security Update Fixes Linux Kernel RCE Flaw Allow Read/Write Access
On February 3, 2025, Google published its February Android Security Bulletin, which addresses a total of 47 vulnerabilities affecting Android devices. Among these, a critical flaw in the Linux kernel’s USB Video Class (UVC) driver, tracked as CVE-2024-53104, has been…
1- Click RCE Vulnerability in Voyager PHP Allow Attackers Execute Arbitrary Code
A recently disclosed security vulnerability in the Voyager PHP package, a popular tool for managing Laravel applications, has raised significant concerns regarding the potential for remote code execution (RCE) on affected servers. This vulnerability, identified through ongoing security scans using…
Apache Cassandra Vulnerability Allows Attackers to Gain Access Data Centers
In a recent security advisory, a moderate-severity vulnerability has been identified in Apache Cassandra, potentially allowing unauthorized users to access restricted data centers or IP/CIDR groups. This flaw, designated CVE-2025-24860, affects multiple versions of the database management system, specifically those…
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could…
AutomationDirect C-more EA9 HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow…
Schneider Electric Pro-face GP-Pro EX and Remote HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this…
Schneider Electric Web Designer for Modicon
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information…
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could…
Top 15 Cloud Compliance Tools in 2025
Explore the top 15 cloud compliance tools in 2025 that you can leverage to protect your organization and customer data. The post Top 15 Cloud Compliance Tools in 2025 appeared first on Scytale. The post Top 15 Cloud Compliance Tools…
OpenSSL 3.5 Release Announcement
The freeze date for OpenSSL 3.5 Alpha is rapidly approaching. If you have a feature on the planning page, please ensure that your associated PRs are posted, reviewed, and ready to be merged before the include/exclude decision date (Tuesday, February…
ANY.RUN Enhances Malware Detection and Performance to Combat 2025 Cyber Threats
As cyber threats grow more sophisticated, ANY.RUN has unveiled a series of updates aimed at improving malware detection, analysis, and overall performance of its platform. These updates, implemented in January 2025, focus on optimizing the platform’s core functionality, enhancing detection…
The best malware removal software of 2025: Expert tested and reviewed
If you want additional ransomware protection on your machine, you should use one that offers thorough scans, a user-friendly interface, and compatibility with your preferred operating system. This article has been indexed from Latest stories for ZDNET in Security Read…
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
FortiGuard Labs reverse engineers a malware’s binaries to look into what the malware is actually doing. This article has been indexed from Fortinet Threat Research Blog Read the original article: Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
US accuses Canadian math prodigy of $65M crypto scheme
Suspect, still at large, said to back concept that ‘code is law’ New York feds today unsealed a five-count criminal indictment charging a 22-year-old Canadian math prodigy with exploiting vulnerabilities in two decentralized finance protocols, allegedly using them to fraudulently…
Cycode Change Impact Analysis boosts application security posture
Cycode unveiled Change Impact Analysis (CIA) technology, a key addition to its Complete ASPM platform. This solution empowers organizations to proactively assess the security impact of every code change, enabling them to identify, prioritize, and remediate vulnerabilities faster and more…
CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability
Explore CVE-2025-21298, a critical Windows OLE zero-click flaw enabling RCE via email. Learn its risks, impact, and how to defend against attacks. The post CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability appeared first on OffSec. This article has been indexed…
AI-Powered Personalized Learning: Revolutionizing Education
In an era where technology permeates every aspect of our lives, education is undergoing a transformative shift. Imagine a classroom where each student’s learning experience is tailored to their unique needs, interests, and pace. This is no longer a…
DaggerFly-Linked Linux Malware Targets Network Appliances
DaggerFly’s Lunar Peek campaign is using a new malware strain, identified by FortiGuard Labs, to compromise Linux networks This article has been indexed from www.infosecurity-magazine.com Read the original article: DaggerFly-Linked Linux Malware Targets Network Appliances
SpyCloud Leads the Way in Comprehensive Identity Threat Protection
SpyCloud, a leading identity threat protection company, has unveiled key innovations in its portfolio, driving a shift towards holistic identity security. By leveraging its vast collection of darknet data and automated identity analytics, SpyCloud correlates malware, phishing, and breach exposures…