Latest News
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: U-Boot Equipment: U-Boot Vulnerability: Improper Access Control for Volatile Memory Containing Boot Code 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of U-boot is affected: U-boot: All versions prior to 2017.11 The following specific chips have been confirmed to be affected: Qualcomm IPQ4019 Qualcomm IPQ5018 Qualcomm IPQ5322 Qualcomm IPQ6018 Qualcomm IPQ8064 Qualcomm IPQ8074 Qualcomm IPQ9574 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL FOR VOLATILE MEMORY CONTAINING BOOT CODE CWE-1274 The affected products are vulnerable to a bootloader vulnerability, which could allow an attacker to execute arbitrary code. CVE-2025-24857 has been assigned to this vulnerability. A CVSS v3 base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:...
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo SE & Co. KG Equipment: LX Appliance Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user of LX Appliance with a high privilege account to craft a malicious course and launch an XSS attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Software LX Appliance: Versions prior to June 2023 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 The "src" attribute of the "track" tag allows a malicious user to bypass HTML escaping and execute arbitrary code. This affects the package video.js before 7.14.3. CVE-2021-23414 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 3.3 BAC...
Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs.
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down. The
Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser. To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm. Chief
Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks.
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is also
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.