Latest News
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Westermo Network Technologies Equipment: WeOS 5 Vulnerability: Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to reboot. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Westermo reports following versions of WeOS 5, an industrial network operating system, are affected: WeOS 5: Versions 5.23.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VALIDATION OF SYNTACTIC CORRECTNESS OF INPUT CWE-1286 When configured for IPSec, a Westermo device running WeOS 5 could be vulnerable to a denial-of-service attack. A specifically crafted ESP packet could trigger an immediate reboot of the device. CVE-2025-46419 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). A CVSS v4 score has also been calculated for CVE-202...
Hackers are posing as Empire podcast hosts, tricking crypto influencers and developers with fake interview invites to deliver macOS AMOS Stealer malware.
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts
AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate a set of restrictions, and
Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them.
In the current cycle, Bitcoin has anchored most of the capital inflow. In 2025, 66% of investors selected…
Google has issued a Chrome update to fix four high priority flaws including one zero-day, zero-click vulnerability.
Infoblox links Vane Viper to PropellerAds, exposing a global malvertising network posing as adtech while spreading malware and running online scams.
Discover how a Cisco Talos Incident Response expert transitioned from philosophy to the high-stakes world of incident command, offering candid insights into managing burnout and finding a supportive team.
OpenAI is going to try and predict the ages of its users to protect them better, as stories of AI-induced harms in children mount.