Latest News
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: EIP Builder: Versions 1.11 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 The affected product is vulnerable to an XML external entity vulnerability, which could allow an attacker to disclose sensitive information. CVE-2025-57704 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-57704. A base scor...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Fuji Electric products are affected: FRENIC-Loader 4: Versions prior to 1.4.0.1 3.2 VULNERABILITY OVERVIEW 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 The affected product is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code. CVE-2025-9365 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-9365. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/...
Leaked ChatGPT chats reveal users sharing sensitive data, resumes, and seeking advice on mental health, exposing risks of…
In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.
The Harsh Truths of AI Adoption MITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where employees are bypassing corporate
Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025. The activity originated from a Ukraine-based autonomous system FDN3 (AS211736), per French cybersecurity company Intrinsec. "We believe with a high level of confidence that FDN3 is part of a wider abusive
The United States Constitution is clear: President Donald Trump can’t take control of the country’s elections. But he can sow confusion and fear.
Check Point reports Silver Fox APT using a signed WatchDog driver flaw to disable Windows security and deliver…
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is "amsdk.sys" (version 1.0.600), a 64-bit, validly signed Windows kernel device driver
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347