#auth

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FBXi, FBVi, FBTi, CBXi Vulnerabilities: Use of Hard-coded Credentials, Improper Validation of Specified Type of Input, Use of a One-Way Hash without a Salt 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product, insert and run arbitrary code, and crash the device being accessed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ABB FLXeon products are affected: FBXi-8R8-X96 (2CQG201028R1011): Versions 9.3.5 and prior FBXi-8R8-H-X96 (2CQG201029R1011): Versions 9.3.5 and prior FBXi-X256 (2CQG201014R1021): Versions 9.3.5 and prior FBXi-X48 (2CQG201018R1021): Versions 9.3.5 and prior FBXi-8R8-X96-S (2CQG201606R1011): Versions 9.3.5 and prior FBVi-2U4-4T (2CQG201015R1021 ): Versions 9.3.5 and prior FBVi-2U4-4T-IMP (2CQG201016R1021): Versions 9.3.5 and prior FBVi-2U4-4T-SI: Versions 9.3.5 and ...

Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political

This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions.

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor - was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a

Nikkei confirms breach after a virus infected an employee PC, exposing 17,368 names and Slack chat histories. The media giant reported the incident voluntarily.

### Summary ZITADEL's Organization V2Beta API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users with specific **administrator** roles within one organization to access and modify data belonging to **other** organizations. ### Impact ZITADEL's Organization V2Beta API, intended for managing ZITADEL organizations, contains multiple endpoints that fail to properly authorize authenticated users. An attacker with an administrator role for a specific organization could exploit this to bypass access controls and perform unauthorized actions on other organizations within the same ZITADEL instance. This could allow an attacker to: - **Read** organization data, including the name, domains and metadata. - **Manipulate** (modify) the corresponding organization data. - **Delete** the corresponding data, up to and including the entire organization. Note that this vulnerability is limited to organization-level data (name, domains, metadata). **No oth...

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.

In addition to affordability, New York City’s mayor-elect will be forced to reckon with the NYPD’s sweeping mass surveillance operations.

JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw.