Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Siemens OPC UA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC UA Vulnerabilities: Observable Timing Discrepancy, Authentication Bypass by Primary Weakness 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass application authentication and gain access to the data managed by the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge"): All versions (CVE-2024-42513) SIMIT V11: All versions (CVE-2024-42512) SIMATIC BRAUMAT: All versions from V8.0 SP1 up ...

us-cert
Open in Source
#vulnerability#web#mac#auth
Abusing with style: Leveraging cascading style sheets for evasion and tracking

Cascading Style Sheets (CSS) are ever present in modern day web browsing, however its far from their own use. This blog will detail the ways adversaries use CSS in email campaigns for evasion and tracking.

Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year

Dragos reveals Volt Typhoon hackers infiltrated a US electric utility for 300 days, collecting sensitive data. Learn how this cyberattack threatens infrastructure.

Picklescan Vulnerabilities Could Let Hackers Bypass AI Security Checks

Sonatype researchers uncover critical vulnerabilities in picklescan. Learn how these flaws impact AI model security, Hugging Face, and…

Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”

Apple has patched a vulnerability in iOS and iPadOS that was under active exploitation in extremely sophisticated attacks.

GHSA-3wgq-h4fr-cwg5: laravel-crud-wizard-free has File Validation Bypass

### Impact Medium ### Patches Version 3.4.17 fixes illuminate/validation v 8.0.0 to 11.44.0 ### Workarounds Register \MacropaySolutions\LaravelCrudWizard\Providers\ValidationServiceProvider instead of Illuminate\Validation\ValidationServiceProvider::class if you are using illuminate/validation < 11.44.1 ### References https://github.com/laravel/framework/security/advisories/GHSA-78fx-h6xr-vch4

The dark side of sports betting: How mirror sites help gambling scams thrive 

Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception.

CVE-2025-24201: Chromium: CVE-2025-24201 Out of bounds write in GPU on Mac

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.62 3/12//2025 134.0.6998.89

Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack

Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects.