Latest News

When I joined Red Hat in 2019, one of the first blogs that I read was titled “Why CVSS does not equal risk: How to think about risk in your environment”. In summary, it explains why CVSS ≠ Risk: Common Vulnerability Scoring System (CVSS) scores measure the severity of vulnerabilities but don’t capture the unique risks they pose to specific environments. Risk is context-dependent, and organizations must consider factors like exploitability, impact and mitigation to tailor vulnerability management to their needs.Today, many organizations are still measuring the security of their environm

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/timeConfig endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN, and multiple timeDate fields. The vulnerability exists due to improper input validation in timeConfig.js, where user-supplied data is executed via ChildProcess.exec() without adequate sanitization.

The ABB Cylon FLXeon BACnet controller is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplied input is passed to ChildProcess.exec() without adequate sanitization, allowing command injection via the filename parameter.

The ABB Cylon FLXeon BAS controller is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges.

The Importance of Balancing Cost and Security!

WhatsApp recently revealed a targeted spyware campaign linked to the Israeli firm Paragon, which affected 90 individuals, including…

Researchers uncover a double-entry website skimming attack targeting Casio and 16 other sites. Learn how cybercriminals exploited vulnerabilities to steal sensitive payment data and evade detection.

Plus: WhatsApp discloses nearly 100 targets of spyware, hackers used the AT&T breach to hunt for details on US politicians, and more.

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged