Latest News

SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems. The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects

Austin, Texas, USA, 23rd September 2025, CyberNewsWire

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: Viessmann Equipment: Vitogate 300 Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Client-Side Enforcement of Server-Side Security 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Viessmann Vitogate 300 are affected: Vitogate 300: Versions prior to 3.1.0.1 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-78 Vitogate 300 constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could m...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: SESU Vulnerability: Improper Link Resolution Before File Access ('Link Following') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary data to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric SESU: <3.0.12 Schneider Electric SESU installed on Schneider Electric BESS ANSI: SESU versions prior to 3.0.12 Schneider Electric SESU installed on Schneider Electric Easergy MiCOM P30: SESU versions prior to 3.0.12 Schneider Electric SESU installed on Schneider Electric Easergy MiCOM P40: SESU ve...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: CLICK PLUS Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Predictable Seed in Pseudo-Random Number Generator, Improper Resource Shutdown or Release, Missing Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AutomationDirect products are affected: CLICK PLUS C0-0x CPU firmware: Versions prior to v3.71 CLICK PLUS C0-1x CPU firmware: Versions prior to v3.71 CLICK PLUS C2-x CPU firmware: Versions prior to v3.71 3.2 VULNERABILITY OVERVIEW 3.2.1 Cleartext Storage of Sensitive Information CWE-312 Cleartext storage of sensitive information...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric MELSEC-Q Series CPU modules are affected: MELSEC-Q Series Q03UDVCPU: The first 5 digits of serial No. '24082' to '27081' MELSEC-Q Series Q04UDVCPU: The first 5 digits of serial No. '24082' to '27081' MELSEC-Q Series Q06UDVCPU: The first 5 digits of serial No. '24082' to '27081' MELSEC-Q Series Q13UDVCPU: The first 5 digits of serial No. '24082' to '27081' MELSEC-Q Series Q26UDVCPU: The first 5 digits of serial No. '24082' to '27081' MELSEC-Q Series Q04UDPVCPU: The first 5 digits of serial No. '24082' to '27081' MELSEC-Q Series Q06UDPVCPU: The first 5 digits of serial No...

Travel Mode not only hides your most sensitive data—it acts as if that data never existed in the first place.

Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon's CEO recently boasted that headcount is "going down all the time." What was once a sign of corporate distress has become a badge of honor, with executives celebrating lean operations and AI-driven

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes

The Inc ransomware gang claims to have stolen 5.7 TB of data from the Pennsylvania Attorney General's office in an August 2025 attack. Find out how the breach unfolded, why government agencies are a top target, and what this means for citizens.