Latest News

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ACS880 Drives with IEC 61131-3 license Vulnerabilities: Improper Input Validation, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the device or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following low-voltage DC drive and power controller products contain a vulnerable version of CODESYS Runtime: ABB ACS880 Drives ACS880 Primary Control Program AINLX: Versions prior to v3.47 ABB ACS880 Drives ACS880 Primary Control Program YINLX: Versions prior to v1.30 ABB ACS880 Drives ACS880 IGBT Supply Control Program AISLX: Versions prior to v3.43 ABB ACS880 Drives ACS880 IGBT Supply Control Program ALHLX: Versions prior to v3.43 ABB ACS880 Drives ACS880 IGBT Supply...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: DCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3), DCT880 memory unit incl. Power Optimizer, DCS880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3), DCS880 memory unit incl. DEMag, DCS880 memory unit incl. DCC Vulnerabilities: Improper Input Validation, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to trigger a denial-of-service condition or execute arbitrary code over the fieldbus interfaces. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following low-voltage DC drive and power controller products contain a vulnerable version of the CODESYS Runtime: DCT880 memory unit incl. ABB Drive Application Builder license (IEC 61131-3): All versions DCT880 memory unit incl. Pow...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Null Pointer Dereference, Insufficient Resource Pool, Missing Synchronization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: RTU500 series CMU: Versions 12.0.1 - 12.0.14 (CVE-2024-10037) RTU500 series CMU: Versions 12.2.1 - 12.2.12 (CVE-2024-10037) RTU500 series CMU: Versions 12.4.1 - 12.4.11 (CVE-2024-10037) RTU500 series CMU: Versions 12.6.1 - 12.6.10 (CVE-2024-10037) RTU500 series CMU: Versions 12.7.1 - 12.7.7 (CVE-2024-10037) RTU500 series CMU: Versions 13.2.1 - 13.2.7 (CVE-2024-10037) RTU500 series CMU: Versions 13.4.1 - 13.4.4 (CVE-2024-10037, CVE-2024-11499, CVE-2024-12169) RTU500 series CMU: Versions 13.5.1 - 13.5.3 (CVE-2024-10037, CVE-2024-...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TRMTracker Vulnerabilities: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'), Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute limited remote commands, poison web-cache, or disclose and modify sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products are affected: TRMTracker: Versions 6.2.04 and prior TRMTracker: Versions 6.3.0 and 6.3.01 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE-90 The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an att...

Cybersecurity researcher Jeremiah Fowler uncovers a massive 47.8GB database with disturbing AI-generated content belonging to GenNomis.

The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone—and

AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security

Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by

Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.  Triada is the

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.