Latest News

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Asset Suite Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the manipulation of content or the injection of data with the potential of carrying out further malicious attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Asset Suite are affected: Asset Suite: Versions 9.7 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER OUTPUT NEUTRALIZATION FOR LOGS CWE-117 A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolving application performance related issues. CVE-2025-10217 has been assigned to this vulnerabilit...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: Stratix 5700, 5400, 5410, 5200, 5800 Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Stratix 5700 is affected: Stratix 5700: Version v15.2(8)E7 and prior Stratix 5400: Version v15.2(8)E7 and prior Stratix 5410: Version v15.2(8)E7 and prior Stratix 5200: Version v17.17.01 and prior Stratix 5800: Version v17.17.01 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 A third-party vulnerability exists in the affected products. The affected products use Cisco IOS XE Software which contains a vulnerability in the Simple Network Management Protocol (SNMP) subsystem. An authenticated, remote attacker with low privileges could cause a denial-of-Service (DoS) condition...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: Industrial Data Center (IDC) with Cisco Switching, IDC-Managed Support contract with Cisco Switching, Network-Managed Support contract with Cisco network switch, Firewall-Managed Support contract with Cisco firewall Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following Lifecycle Services with Cisco are affected: Industrial Data Center (IDC) with Cisco Switching: Generations 1 - 5 IDC-Managed Support contract with Cisco Switching: Generations 1 - 5 Network-Managed Support contract with Cisco network switch: All versions Firewall-Managed Support contract with Cisco firewall: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 A third-party vulnera...

FortiGuard Labs reveals Chaos-C++, a new Chaos ransomware variant that deletes files over 1.3 GB instead of encrypting them and uses clipboard hijacking to steal cryptocurrency.

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like

California just passed 14 new privacy and AI laws. We’re highlighting a few that give users real control over their personal data.

Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents.   We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools

Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat.

New encryption, wiper, and cryptocurrency-stealing capabilities make the evolving ransomware-as-a-service operation more dangerous than ever.

Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated