Tag
Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.
React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure. Full 47-page guide with framework-specific defenses (PDF, free). JavaScript conquered the web, but with
Arizona woman jailed 8.5 years for aiding North Korea's $17 million IT job scam, defrauding over 300 US companies. Learn how to protect your business from such sophisticated cybersecurity threats.
Phishers are using legitimate looking Instagram emails in order to scam users.
KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead
FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion.
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Schneider Electric Equipment: EcoStruxure Power Operation Vulnerabilities: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'), Integer Overflow to Buffer Overflow, Improper Handling of Highly Compressed Data (Data Amplification), Out-of-bounds Write, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products use an affected version of the PostgreSQL database server: EcoStruxure Power Operation (EPO): 2022 CU6 and prior EcoStruxure Power Operation (EPO): 2024 CU1 and prior 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Directives in Dynamically Evaluated C...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure IT Data Center Expert Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Insufficient Entropy, Improper Control of Generation of Code ('Code Injection'), Server-Side Request Forgery (SSRF), Improper Privilege Management, and Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disrupt operations and access system data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following product is affected: EcoStruxure IT Data Center Expert: Versions v8.3 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 An improper neutralization of special elements used in an OS command ('OS command i...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could provide other authenticated users with potentially inappropriate access to TGML diagrams. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: EcoStruxure Power Monitoring Expert (PME): 2023 EcoStruxure Power Monitoring Expert (PME): 2023 R2 EcoStruxure Power Monitoring Expert (PME): 2024 EcoStruxure Power Monitoring Expert (PME): 2024 R2 EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module: 2022 EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module: 2024 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668 A resource exposure vulnera...