View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…
Category: EN
AVEVA PI Integrator
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these…
Santesoft Sante PACS Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Santesoft Equipment: Sante PACS Server Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR, ULTRA G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command Injection, Insufficient Verification of Data…
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on August 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-224-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share ICSA-25-224-02 Johnson Controls iSTAR Ultra, iSTAR…
Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. “This latest wave of ShinyHunters-attributed…
Hacker Alleges Russian Government Role in Kaseya Cyber-Attack
In a new investigation launched at DEFCON 33, Analyst1’s Jon DiMaggio revealed probable Russian government involvement in the Kaseya attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Hacker Alleges Russian Government Role in Kaseya Cyber-Attack
ShinyHunters Claims BreachForums Seized by Law Enforcement, Now a Honeypot
The threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading stolen data and discussing illicit hacking activities. According to ShinyHunters’ announcement, the forum’s core infrastructure,…
Claude can now process entire software projects in single request, Anthropic says
Anthropic’s Claude Sonnet 4 now supports a 1 million token context window, enabling AI to process entire codebases and complex documents in a single request—redefining software development and enterprise AI workflows. This article has been indexed from Security News |…
This new Arch Linux tool takes the hassle out of keeping packages up to date – here’s how
Meet Bumpbuddy, the Arch Linux app that tracks software releases from official repositories so you don’t have to – and it all happens automatically. This article has been indexed from Latest news Read the original article: This new Arch Linux…
SonicWall VPN Cyberattack Linked to Known Access Control Vulnerability
SonicWall identified under 40 security incidents and determined the access control problem was related to a vulnerability published last year. This article has been indexed from Security | TechRepublic Read the original article: SonicWall VPN Cyberattack Linked to Known Access…
The latest from Black Hat USA 2025
<p>Black Hat USA 2025 is returning for its 28th year, covering the latest in infosec for technical experts, thought leaders, innovative vendors and cybersecurity pros.</p> <div class=”ad-wrapper ad-embedded”> <div id=”halfpage” class=”ad ad-hp”> <script>GPT.display(‘halfpage’)</script> </div> <div id=”mu-1″ class=”ad ad-mu”> <script>GPT.display(‘mu-1’)</script> </div>…
ShinyHunters Unveils That BreachForums Taken by Law Enforcement Agencies, Now It Is a Honeypot
The threat actor collective ShinyHunters has recently announced that BreachForums—one of the most prolific breeding grounds for stolen credentials and leak data—has been commandeered by international law enforcement agencies. According to Shiny from ShinyHunters, the site’s administrative controls, including the…
7000+ Citrix NetScaler Devices Still Vulnerable to CVE-2025-5777 and CVE-2025-6543
Over 7,000 Citrix NetScaler appliances remain unpatched against two critical vulnerabilities: CVE-2025-5777 and CVE-2025-6543. Despite multiple advisories from Citrix, CISA’s KEV catalog entries, and updates from national cybersecurity agencies—including the Dutch NCSC—threat actors continue to target unmitigated devices at scale.…
Ivanti Connect Secure, Policy Secure and ZTA Vulnerabilities Let Attackers Trigger DoS Attack
Ivanti has released critical security updates addressing multiple high and medium-severity vulnerabilities across its Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateway products. The vulnerabilities, identified through internal discovery and responsible disclosure programs, could enable remote attackers to…
Hackers Attacking Fortinet SSL VPN Under Attack From 780 unique IPs
An unprecedented surge in brute-force attacks targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns. The August 3rd attack represents the highest single-day volume recorded on GreyNoise’s Fortinet SSL VPN Bruteforcer tag in…
Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges
Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems. Designated as CVE-2025-49457 under bulletin ZSB-25030, this flaw carries a CVSS score of 9.6, classifying it as critical due to…
ANOTHER WinRAR 0-Day: Don’t Patch Now — Uninstall It!
Zero day—zero clue: Old, bug-prone app relies on you to go look for update files. The post ANOTHER WinRAR 0-Day: Don’t Patch Now — Uninstall It! appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read…
From Vibes to Ventures: How AI-First Startups Like Giggles Are Redefining the Rules of Entrepreneurship
In January, 18-year-old Justin Jin introduced Giggles — an AI-powered social entertainment app that has already drawn over 120,000 people to its waitlist and generated 150 million impressions. Remarkably, this momentum came without venture capital backing, a marketing budget,…
Cybercriminals Escalate Client-Side Attacks Targeting Mobile Browsers
Cybercriminals are increasingly turning to client-side attacks as a way to bypass traditional server-side defenses, with mobile browsers emerging as a prime target. According to the latest “Client-Side Attack Report Q2 2025” by security researchers c/side, these attacks are…