Lucene search

9516 matches found

Krebs on Security
added 2026/03/23 3:43 p.m., 7 views

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

5.9 AI score
Exploits: 0
Talos Blog
added 2026/03/23 12:1 p.m., 6 views

2025 Talos Year in Review: Speed, scale, and staying power

The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security teams across industries. As with each annual report, our goal at Talos is to provide the security community with a clear analysis of the tactics,...

5.9 AI score
Exploits: 0
Wiz blog
added 2026/03/23 12:0 p.m., 4 views

Introducing Wiz AI Application Protection Platform (AI-APP)

Secure every layer of AI applications — infrastructure, data, access, models, agents, and applications — from code to runtime, across every environment you build in...

5.9 AI score
Exploits: 0
RedhatCVE
added 2026/03/23 10:53 a.m., 6 views

CVE-2026-33186

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1 CVSS, 5.8 AI score, 0.00522 EPSS
Exploits: 1, References: 4
EUVD
added 2026/03/21 12:31 a.m., 2 views

EUVD-2026-13846

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4 CVSS, 5.9 AI score, 0.00483 EPSS
Exploits: 0, References: 4
NVD
added 2026/03/20 11:16 p.m., 4 views

CVE-2026-29796

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.8 CVSS, 0.00468 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/03/20 10:42 p.m., 21 views

CVE-2026-25192 CTEK Chargeportal Missing Authentication for Critical Function

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4 CVSS, 0.00483 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2026/03/18 4:24 p.m., 5 views

Important: Red Hat Security Advisory: Red Hat Update Infrastructure 5.1 security update

The latest release of Red Hat Update Infrastructure. For more details, see the product documentation. Red Hat Update Infrastructure RHUI container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version...

8.8 CVSS, 7.1 AI score, 0.48666 EPSS
Exploits: 13, References: 35
RedHat Linux
added 2026/03/18 4:3 p.m., 4 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.3.4

Logging for Red Hat OpenShift - 6.3.4 Red Hat OpenShift Logging 6.3.4 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

7.5 CVSS, 6.8 AI score, 0.00789 EPSS
Exploits: 2, References: 3
EUVD
added 2026/03/18 12:30 a.m., 3 views

EUVD-2026-12665

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component: Desktop. The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

9.8 CVSS, 5.8 AI score, 0.00448 EPSS
Exploits: 1, References: 2
Packet Storm News
added 2026/03/18 12:0 a.m., 1 views

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators (CSOs) use to communicate with and control their charging stations, thereby limiting the impact of...

5.7 AI score
Exploits: 0
NVD
added 2026/03/17 11:16 p.m., 3 views

CVE-2026-21994

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component: Desktop. The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

9.8 CVSS, 0.00448 EPSS
Exploits: 1, References: 1
Circl
added 2026/03/17 12:0 p.m., 2 views

CVE-2021-29239

creationtimestamp | type | source
---|---|---
2026-03-17 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

7.8 CVSS, 5.7 AI score, 0.00179 EPSS
Exploits: 0, References: 1
The Hacker News
added 2026/03/17 11:30 a.m., 7 views

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how...

6 AI score
Exploits: 0
Positive Technologies
added 2026/03/17 12:0 a.m., 6 views

PT-2026-25957

CVE: CVE-2026-21994 Vendor: Oracle corporation Product: Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit CVSS: 9.8 Credits: n/a Description: Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects component...

9.8 CVSS, 5.8 AI score, 0.00448 EPSS
Exploits: 1, References: 12
CNNVD
added 2026/03/17 12:0 a.m., 3 views

Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit Security Vulnerability

Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit is a set of tools provided by Oracle Corporation in the United States, used for designing and visualizing edge cloud infrastructure architectures. Version 0.3.0 of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolk...

9.8 CVSS, 5.8 AI score, 0.00448 EPSS
Exploits: 1, References: 1
Akamai Blog
added 2026/03/16 12:0 p.m., 2 views

Secure the AI Factory: Data Center Security for Accelerated Intelligence

...

5.8 AI score
Exploits: 0
GithubExploit
added 2026/03/15 11:56 a.m., 112 views

Exploit for Code Injection in Unicode

codescan Fast, configurable code security scanner written in...

8.3 CVSS, 5.9 AI score, 0.12205 EPSS
Exploits: 4
Packet Storm News
added 2026/03/13 12:0 a.m., 1 views

Graph Neural Network-Based DDoS Protection for Data Center Infrastructure

In light of rising cybersecurity threats, data center providers face growing pressure to protect their own management infrastructure from Distributed Denial-of-Service (DDoS) attacks. While tenant-managed cages generally fall outside the data center's direct security purview, a successful DDoS...

5.8 AI score
Exploits: 0
GithubExploit
added 2026/03/12 11:52 a.m., 138 views

Exploit for Out-of-bounds Write in Netapp Bootstrap_Os

Typeform DevSecOps Pipeline POC !Pythonhttps://img.shields...

7.8 CVSS, 7 AI score, 0.78607 EPSS
Exploits: 25