We have offered several different data feeds via our API or other means. However, we are often not very good at documenting what these feeds are all about. Currently, I am in the process of fixing the documentation around these…
Tag: EN
Taiwan bans DeepSeek AI and Meta warns its insider threats
Taiwan bans DeepSeek Chatbot of China Taiwan has officially imposed a ban on the use of DeepSeek, an AI-powered chatbot developed by a Chinese startup, within government organizations and entities responsible for critical infrastructure. However, the restriction does not extend…
AMD fixed a flaw that allowed to load malicious microcode
AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked as CVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). An…
Critical Windows OLE Zero-Click Vulnerability Let Attacker to Execute Arbitrary Code
A critical security flaw, identified as CVE-2025-21298, has been disclosed in Microsoft’s Windows Object Linking and Embedding (OLE) technology. This zero-click vulnerability, which carries a CVSS score of 9.8, allows attackers to execute arbitrary code remotely by exploiting Microsoft Outlook…
Hackers Using HTTP Client Tools To Takeover Microsoft 365 Accounts
Hackers have increasingly been using HTTP client tools to orchestrate sophisticated account takeover attacks on Microsoft 365 environments. A staggering 78% of Microsoft 365 tenants have been targeted at least once by such attacks, highlighting the evolving tactics of threat…
Grubhub serves up security incident with a side of needing to change your password
Contact info and partial payment details may be compromised US food and grocery delivery platform Grubhub says a security incident at a third-party service provider is to blame after user data was compromised.… This article has been indexed from The…
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate…
Android Security Update Fixes Linux Kernel RCE Flaw Allow Read/Write Access
On February 3, 2025, Google published its February Android Security Bulletin, which addresses a total of 47 vulnerabilities affecting Android devices. Among these, a critical flaw in the Linux kernel’s USB Video Class (UVC) driver, tracked as CVE-2024-53104, has been…
1- Click RCE Vulnerability in Voyager PHP Allow Attackers Execute Arbitrary Code
A recently disclosed security vulnerability in the Voyager PHP package, a popular tool for managing Laravel applications, has raised significant concerns regarding the potential for remote code execution (RCE) on affected servers. This vulnerability, identified through ongoing security scans using…
Apache Cassandra Vulnerability Allows Attackers to Gain Access Data Centers
In a recent security advisory, a moderate-severity vulnerability has been identified in Apache Cassandra, potentially allowing unauthorized users to access restricted data centers or IP/CIDR groups. This flaw, designated CVE-2025-24860, affects multiple versions of the database management system, specifically those…
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could…
AutomationDirect C-more EA9 HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow…
Schneider Electric Pro-face GP-Pro EX and Remote HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this…
Schneider Electric Web Designer for Modicon
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information…
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could…
Top 15 Cloud Compliance Tools in 2025
Explore the top 15 cloud compliance tools in 2025 that you can leverage to protect your organization and customer data. The post Top 15 Cloud Compliance Tools in 2025 appeared first on Scytale. The post Top 15 Cloud Compliance Tools…
OpenSSL 3.5 Release Announcement
The freeze date for OpenSSL 3.5 Alpha is rapidly approaching. If you have a feature on the planning page, please ensure that your associated PRs are posted, reviewed, and ready to be merged before the include/exclude decision date (Tuesday, February…
ANY.RUN Enhances Malware Detection and Performance to Combat 2025 Cyber Threats
As cyber threats grow more sophisticated, ANY.RUN has unveiled a series of updates aimed at improving malware detection, analysis, and overall performance of its platform. These updates, implemented in January 2025, focus on optimizing the platform’s core functionality, enhancing detection…
The best malware removal software of 2025: Expert tested and reviewed
If you want additional ransomware protection on your machine, you should use one that offers thorough scans, a user-friendly interface, and compatibility with your preferred operating system. This article has been indexed from Latest stories for ZDNET in Security Read…
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
FortiGuard Labs reverse engineers a malware’s binaries to look into what the malware is actually doing. This article has been indexed from Fortinet Threat Research Blog Read the original article: Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst