HOME TOOLS TRAINING NEWS CTF EVENTS CRYPTOJAMS CONTACT

NEWS

ALL NEWS - LIST VIEW "click here"

Major News Resources

Bleeping Computer

The Hacker News

FBI News

CISA Alerts & Advisories

Homeland Security News Wire

NSA Press Releases & Statements

New Exploits

Cybersecurity and Infrastructure Security Agency C

TrendMakers Sight Bulb Pro | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to capture sensitive information and execute arbitrary shell commands on the target device as root if connected to the local network segment.
The following versions of the Sight Bulb Pro Firmware are affected:
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may...
Cybersecurity and Infrastructure Security Agency C

Mitsubishi Electric Air Conditioning Systems | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system.
Mitsubishi Electric reports the following air conditioning systems are affected:
An authentication bypass vulnerability exists in Mitsubishi Electric air conditioning systems. An attacker may bypass authentication to control the air conditioning systems illegally or disclose information from them by exploiting this vulnerability. In addition, the attacker may tamper with the fi...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Two Industrial Control Systems Advisories | CISA

CISA released two Industrial Control Systems (ICS) advisories on June 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released two Industrial Control Systems (ICS) advisories on June 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and e...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signif...
Cybersecurity and Infrastructure Security Agency C

Schneider Electric EVLink WallBox | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to gain remote control of the charging station.
Schneider Electric reports that the following products are affected:
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability exists, which could cause arbitrary file writes when an unauthenticated user on the web server manipulates the file path.
CVE-2025-5740 has been assigned to this vulnerability. A CVSS v3.1 base score of 7...
Cybersecurity and Infrastructure Security Agency C

Schneider Electric Modicon Controllers | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the device or cause a denial-of-service condition.
Schneider Electric reports that the following products are affected:
An improper input validation vulnerability exists that could cause a denial-of-service condition when an authenticated malicious user sends an HTTPS request containing invalid data type to the webserver.
CVE-2025-3898 has been assigned to this vulnerability. A CVSS v3...
Cybersecurity and Infrastructure Security Agency C

Parsons AccuWeather Widget | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to insert a malicious link that users might access through the RSS feed.
The following version of AccuWeather and Custom RSS widget are affected:
A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.
CVE-2025-5015 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculate...
Cybersecurity and Infrastructure Security Agency C

Kaleris Navis N4 Terminal Operating System | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to remotely exploit the operating system, achieve remote code execution, or extract sensitive information.
The following versions of Kaleris Navis N4, a terminal operating system, are affected:
Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.
CVE-2025-2566 has bee...
Cybersecurity and Infrastructure Security Agency C

MICROSENS NMP Web+ | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to gain system access, overwrite files or execute arbitrary code.
The following versions of NMP Web+ are affected:
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
CVE-2025-49151 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
A C...
Cybersecurity and Infrastructure Security Agency C

New Guidance Released for Reducing Memory-Related Vulnerabilities | CISA

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development. 
Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design. 
CISA’s Secure by Design program advocates for int...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Eight Industrial Control Systems Advisories | CISA

CISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, a...
Cybersecurity and Infrastructure Security Agency C

Delta Electronics CNCSoft | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process.
Delta Electronics reports the following versions of CNCSoft, a human-machine interface, are affected:
Delta Electronics CNCSoft does not properly validate user-supplied files. If a user opens a maliciously crafted file, an attacker can leverage this vulnerability to execute code within the context of the current process.
CVE-2025-47724 has been assigned to...
Cybersecurity and Infrastructure Security Agency C

ControlID iDSecure On-Premises | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, retrieve information, leak arbitrary data, or perform SQL injections.
The following versions of ControlID iDSecure On-premises, a vehicle control software, are affected:
ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.
CVE-2025-49...
Cybersecurity and Infrastructure Security Agency C

Siemens Mendix Studio Pro | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an attacker to write or modify arbitrary files in directories outside a developer's project directory.
Siemens report...
Cybersecurity and Infrastructure Security Agency C

Fuji Electric Smart Editor | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.
The following Fuji Electric products are affected:
The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
CVE-2025-32412 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-20...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Five Industrial Control Systems Advisories | CISA

CISA released five Industrial Control Systems (ICS) advisories on June 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released five Industrial Control Systems (ICS) advisories on June 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and...
Cybersecurity and Infrastructure Security Agency C

Dover Fueling Solutions ProGauge MagLink LX Consoles | CISA

View CSAF
Successful exploitation of this vulnerability could result in an attacker gaining control of the monitoring device, manipulating fueling operations, deleting system configurations, or deploying malware.
The following versions of ProGauge MagLink LX, a fuel and water tank monitor, are affected:
The device exposes an undocumented and unauthenticated Target Communication Framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signif...
Cybersecurity and Infrastructure Security Agency C

LS Electric GMWin 4 | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code.
The following versions of LS Electric GMWin 4, a programming software tool, are affected:
A Heap-based Buffer Overflow vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the e...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry sig...
Cybersecurity and Infrastructure Security Agency C

Siemens Energy Services | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device.
Siemens reports that th...
Cybersecurity and Infrastructure Security Agency C

Siemens SCALANCE and RUGGEDCOM | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an attacker to perform actions that exceed the permissions of the "guest" role.
Siemens reports that the following pr...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Cybersecurity Advisory on SimpleHelp RMM Vulnerability | CISA

Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider.
This advisory is in response to ransomware actors targeting customers of a utility billing software provider through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM).
This incident is part of a broader trend of ransomware actors exploiting unpatched versions of SimpleHelp RMM since January 2025....
Cybersecurity and Infrastructure Security Agency C

AVEVA PI Connector for CygNet | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to persist arbitrary code in the administrative portal of the product or cause a denial-of-service condition.
The following versions of PI Connector for CygNet are affected:
A cross-site scripting vulnerability exists in PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code th...
Cybersecurity and Infrastructure Security Agency C

Siemens SCALANCE and RUGGEDCOM | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the "guest" role...
Cybersecurity and Infrastructure Security Agency C

PTZOptics and Other Pan-Tilt-Zoom Cameras | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to leak sensitive data, execute arbitrary commands, and access the admin web interface using hard-coded credentials.
The following ValueHD, PTZOptics, multiCAM Systems, and SMTAV products are affected:
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HT...
Cybersecurity and Infrastructure Security Agency C

AVEVA PI Data Archive | CISA

View CSAF
Successful exploitation of these vulnerabilities could shut down necessary subsystems and cause a denial-of-service condition.
The following versions of PI Data Archive, as delivered by PI Server are affected:
The affected products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. Depending on the timing of the crash, data present in snapshots/write c...
Cybersecurity and Infrastructure Security Agency C

Siemens SIMATIC S7-1500 CPU Family | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to affect the confidentiality, integrity, or availability of affected devices.
Siemens reports that th...
Cybersecurity and Infrastructure Security Agency C

Siemens RUGGEDCOM APE1808 | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an attacker to execute malicious JavaScript in the context of an authenticated Captive Portal user's browser when the...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Ten Industrial Control Systems Advisories | CISA

CISA released ten Industrial Control Systems (ICS) advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released ten Industrial Control Systems (ICS) advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and e...
Cybersecurity and Infrastructure Security Agency C

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025.
SimpleHelp versions 5.5.7 and earlier contain several vulnerab...
Cybersecurity and Infrastructure Security Agency C

Siemens Tecnomatix Plant Simulation | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an attacker to execute code in the context of the current process.
Siemens reports that the following products are af...
Cybersecurity and Infrastructure Security Agency C

AVEVA PI Web API | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections.
The following versions of AVEVA PI Web API are affected:
A cross-site scripting vulnerability exists in PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker (with privileges to create/update annotations or upload media files) to persist arbitrary JavaScript code that will be executed by users who were socially engineered to dis...
Cybersecurity and Infrastructure Security Agency C

MicroDicom DICOM Viewer | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer.
The following MicroDicom products are affected:
DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious websi...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Four Industrial Control Systems Advisories | CISA

CISA released four Industrial Control Systems (ICS) advisories on June 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released four Industrial Control Systems (ICS) advisories on June 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry si...
Cybersecurity and Infrastructure Security Agency C

Hitachi Energy Relion 670, 650, SAM600-IO Series | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to decrypt application data in transit.
Hitachi Energy reports that the following products are affected:
A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to send a very large number of trial messages for decryption. The vulnerabi...
Cybersecurity and Infrastructure Security Agency C

SinoTrack GPS Receiver | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected vehicles such as tracking the vehicle location and disconnecting power to the fuel pump where supported.
The following SinoTrack products are affected:
A username and password are required to authenticate to the central SinoTra...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry si...
Cybersecurity and Infrastructure Security Agency C

Hitachi Energy Relion 670, 650 Series and SAM600-IO Product | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption on the products.
Hitachi Energy reports that the following products are affected:
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2020-28895 has been assigned to this vuln...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Seven Industrial Control Systems Advisories | CISA

CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and...
Cybersecurity and Infrastructure Security Agency C

CyberData 011209 SIP Emergency Intercom | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution.
The following CyberData products are affected:
011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVE-2025-30184 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signifi...
Cybersecurity and Infrastructure Security Agency C

Updated Guidance on Play Ransomware | CISA

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection.
Since June 2022, Playcrypt has targeted diverse businesses and critical infrastructure across North Americ...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Three Industrial Control Systems Advisories | CISA

CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and...
Cybersecurity and Infrastructure Security Agency C

Schneider Electric Wiser Home Automation | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to inject code or bypass authentication.
The following Schneider Electric products are affected:
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" v...
Cybersecurity and Infrastructure Security Agency C

Mitsubishi Electric MELSEC iQ-F Series | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to read confidential information, cause a denial-of-service condition, or stop operations by sending specially crafted packets.
The following versions of Mitsubishi Electric MELSEC iQ-F Series are affected. Products with [Note *1] are sold in limited regions:
This vulnerability allows a remote attacker to read information in the product, cause a Denial-of-Service (DoS) condition in MELSOFT connection communication wi...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signif...