Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud

The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.

DARKReading
#vulnerability#cisco#oracle#aws
Everyone's on the cyber target list

In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware.

Unsecured Database Exposes Data of 3.6 Million Passion.io Creators

A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…

GHSA-g3p6-82vc-43jh: Yii 2 Redis may expose AUTH paramters in logs in case of connection failure

### Impact On failing connection extension writes commands sequence to logs. AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs.

Questions Swirl Around ConnectWise Flaw Used in Attacks

ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company's disclosures don't explain what the vulnerability is and when it was first exploited.

Nearly 94 Billion Stolen Cookies Found on Dark Web

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies…

Hitachi Energy Relion 670, 650 Series and SAM600-IO Product

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, Relion 650, SAM600-IO Vulnerabilities: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Relion 670/650/SAM600-IO series: Version 2.2.5 revisions up to 2.2.5.1 Relion 670/650 series: Version 2.2.4 revisions up to 2.2.4.2 Relion 670 series: Version 2.2.3 revisions up to 2.2.3.4 Relion 670 series: Version 2.2.2 revisions up to 2.2.2.4 Relion 670/650/SAM600-IO series: Version 2.2.1 revisions up to 2.2.1.7 Relion 670/650 series version 2.2.0: All revisions Relion 670/650 series version 2.1: All revisions Relion 670 series version 2.0: All revisions Relion 670 series version 1.2: All revisions Relion 670 series version 1.1: All r...

CyberData 011209 SIP Emergency Intercom

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CyberData Equipment: 011209 SIP Emergency Intercom Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//' 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following CyberData products are affected: 011209 SIP Emergency Intercom: Versions prior to 22.0.1 3.2 VULNERABILITY OVERVIEW 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. CVE-2025-30184 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calcu...

Ransomware hiding in fake AI, business tools

Ransomware has been discovered by security researchers in fake installers posing as Chat GPT, Nova Leads, and InVideo AI.

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The