Latest News

Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid.

High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content," Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. "These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3

The bankrupt 23andMe, along with all of its genetic data, has been bought by US drugmaker Regeneron Pharmaceuticals.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Siveillance Video Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could remove password protection from the system configuration files, also affecting backup data sets that were created after the update to V2024 R1. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Siveillance Video: Versions V24.1 and later 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 Milestone Systems has discovered a security vulnerability in Milest...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering on the target workstation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric Iconics Digital Solutions reports that the following versions of ICONICS Product Suite and Mitsubishi Electric MC Works64 are affected: GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX): All Versions Mitsubishi Electric MC Works64 AlarmWorX Multimedia (AlarmWorX64 MMX): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 An execution with unnecessary privileges vulnerability in the AlarmWorX64 MMX Pager agent can provide the potential for information tampering. An attacker could make an unau...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Danfoss Equipment: AK-SM 8xxA Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to bypass authentication and execute arbitrary code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AK-SM 800A system manager are affected: AK-SM 8xxA Series: Versions prior to R4.2 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER AUTHENTICATION CWE-287 An unauthorized access vulnerability, caused by datetime-based password generation, could potentially result in an authentication bypass. CVE-2025-41450 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H). A CVSS v4 score has also been calculated for CVE-2025-41450. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:H/...