Latest News
Cybercrime forum XSS is back online on its mirror and dark web domains just one day after seizure and admin arrest, but questions about its full return remain unanswered.
With more platforms and governments asking for age verification, we look at the options and the implications.
Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.
Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.
Brave browser now blocks Microsoft Recall by default, preventing screenshots and protecting users’ browsing history on Windows 11.
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS Vulnerabilities: Use of Uninitialized Variable, Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment of Wrong Handler 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell reports these vulnerabilities affect the following: Experion PKS: All releases prior to R520.2 TCU9 Hot Fix 1 Experion PKS: All releases prior to R530 TCU3 Hot Fix 1 3.2 Vulnerability Overview 3.2.1 Use of Uninitialized Variable CWE-457 The Honeywell Experion PKS contains an uninitialized variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnera...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Network Thermostat Equipment: X-Series WiFi thermostats Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Network Thermostat product is affected: X-Series WiFi thermostats: Versions v4.5 up to but not including v4.6 X-Series WiFi thermostats: Versions v9.6 up to but not including v9.46 X-Series WiFi thermostats: Versions v10.1 up to but not including v10.29 X-Series WiFi thermostats: Versions v11.1 up to but not including v11.5 3.2 Vulnerability Overview 3.2.1 Missing Authentication for Critical Function CWE-306 The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the Local Area Network or from the...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable from a local network Vendor: Mitsubishi Electric Equipment: CNC Series Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric CNC Series are affected: NC Designer2: All versions NC Designer: All versions NC Configurator2: All versions NC Analyzer2: All versions NC Analyzer: All versions NC Explorer: All versions NC Monitor2: All versions NC Monitor: All versions NC Trainer2: "AB" and prior NC Trainer2 plus: "AB" and prior NC Trainer: All versions NC Trainer plus: All versions NC Visualizer: All versions Remote Monitor Tool: All versions MS Configurator: All versions Mitsubishi Electric Numerical Control Device Communication Software (FCSB1224): All versions Mitsubishi Electric ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely Vendor: LG Innotek Equipment: Camera Model LNV5110R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following model of LG Innotek CCTV Camera is affected: LNV5110R: All versions 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288 An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the devices non-volatile storage. This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level. CVE-2025-7742 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculate...
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,