1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Trio Q Licensed Data Radio Vulnerabilities: Insecure Storage of Sensitive Information, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access confidential information, compromise the integrity, or affect the availability of the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Trio Q Licensed Data Radio: Versions prior to 2.7.2 3.2 VULNERABILITY OVERVIEW 3.2.1 INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922 An insecure storage of sensitive information vulnerability exists that could potentially lead to unauthorized access to confidential data when a malicious user with physical access and advanced knowledge of the filesystem sets the radio to factory default mode. CVE-2025-24...
A new variant of the "hello pervert" emails claims that the target's system is infected with njRAT and spoofs the victim's email address.
Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s…
CloudSEK uncovers a sophisticated malware campaign where attackers impersonate PDFCandy.com to distribute the ArechClient2 information stealer. Learn how…
AI code tools often hallucinate fake packages, creating a new threat called slopsquatting that attackers can exploit in…
This week, our Year in Review spotlight is on ransomware, where low-profile tactics led to high-impact consequences. Download our 2-page ransomware summary, or watch our 55-second video.
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.
ReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching.
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.