#cisco

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerabilities: Trust Boundary Violation, Uncaught Exception, Exposure of Sensitive Information to an Unauthorized Actor, Authentication Bypass by Spoofing, Improper Access Control, Reliance on Untrusted Inputs in a Security Decision, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may risk execution of unsolicited command on the PLC, which could result in a loss of availability of the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Modicon M580: All versions prior to 2.90 (CVE-2018-7846, CVE-2018-7849, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7853, CVE-2018-7854, CVE-2019-6808, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809) Modicon Momentum CPU (pa...

Lattica’s cloud-based solution uses Fully Homomorphic Encryption to query encrypted data on AI models without decrypting it, preserving privacy and bolstering security.

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.

Terrance, United States / California, 22nd April 2025, CyberNewsWire

Threat actors are exploiting bulletproof hosting service Proton66 for malicious activities, including campaigns from SuperBlack ransomware operators, Android…

Morphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory,…

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.

Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…