Latest News

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Privilege Chaining 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of the FactoryTalk Linx control system data communications platform are affected: FactoryTalk Linx: Versions 6.40 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 PRIVILEGE CHAINING CWE-268 A security issue exists within the x86 Microsoft Installer File (MSI), which is installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges, which provides full access to all files, processes, and system resources. CVE-2025-9067 has been assig...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ViewPoint Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of PanelView Plus (which interacts with FactoryTalk ViewPoint) are affected by this vulnerability: PanelView Plus 7 Terminal: Version 14 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Restriction of XML External Entity Reference CWE-611 A security issue was discovered within FactoryTalk ViewPoint, allowing unauthenticated attackers to achieve XML external entity injection. Certain SOAP requests can be abused resulting in a temporary denial-of-service. CVE-2025-9066 has b...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Machine Edition and PanelView Plus 7 Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to access to the device's file system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7 are affected: FactoryTalk View Machine Edition: Versions prior to V15.00 (CVE-2025-9064) PanelView Plus 7: Version V14.100 (CVE-2025-9063) 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22 A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the ...

Scaling the SOC with AI - Why now?  Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go uninvestigated, and 61% of security teams admit

Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple

The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake 'payment lures' and urgent security alerts to trick victims into calling a fraudulent support number.

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results.  The benefits of pen testing are clear. By empowering “white hat” hackers to attempt to breach your system using similar tools and techniques to

The fashion retailer says a breach at a marketing partner exposed limited contact details—but no financial data or passwords.

Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations.

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).