Lucene search
K

931 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.31 views

PT-2026-37659

Name of the Vulnerable Software and Affected Versions JohnsonControls AC2000 versions 10.6 through 10 JohnsonControls AC2000 versions 11.0 through 9 JohnsonControls AC2000 versions 12 through 3 Description An uncontrolled search path element issue allows for the manipulation of configuration file...

8.4CVSS5.7AI score0.00108EPSS
Exploits0References3
NCSC
NCSC
added 2026/04/22 12:56 p.m.5 views

vulnerabilities present in Oracle E-Business Suite

Oracle has identified vulnerabilities in the Oracle E-Business Suite. These vulnerabilities exist in various components of the Oracle E-Business Suite, including Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning, and Oracle Flow...

9.8CVSS6.7AI score0.01916EPSS
Exploits4References1
ICS
ICS
added 2026/04/13 12:30 a.m.8 views

ABB System 800xA, Symphony Plus IEC 61850

SUMMARY This vulnerability was privately reported relating to ABB’s implementation of the IEC 61850 communication stack for MMS client applications used in some Automation control system products. Note: IEC 61850 communication typically supports MMS and GOOSE protocols. Some ABB products support...

7.1CVSS5.7AI score0.00184EPSS
Exploits0References19
Talos Blog
Talos Blog
added 2026/04/07 12:3 p.m.5 views

Talos Takes: 2025's ransomware trends and zombie vulnerabilities

Join Amy and Pierre Cadieux as they unpack the ransomware and vulnerability trends that defined 2025. From the persistent ransomware threats targeting the manufacturing sector to the rise of stealthy living-off-the-land tactics, we break down what these shifts mean for your defense strategy. Why...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/04/02 5:28 p.m.5 views

US Bans All Foreign-Made Consumer Routers

This is for new routers; you don't have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers 1 introduce "a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and 2 pose "a severe...

5.9AI score
Exploits0
Talos Blog
Talos Blog
added 2026/03/31 10:0 a.m.6 views

Ransomware in 2025: Blending in is the strategy

Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate -- closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial...

6AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/03/26 10:0 a.m.25 views

Anduril Wants to Own the Future of War Tech. Mishaps, Delays, and Challenges Abound

From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/23 10:55 a.m.4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 10:54 a.m.13 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostnam...

6.3CVSS6.5AI score0.00743EPSS
Exploits1Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/20 12:0 a.m.2 views

An Agentic Multi-Agent Architecture for Cybersecurity Risk Management

Getting a real cybersecurity risk assessment for a small organization is expensive -- a NIST CSF-aligned engagement runs $15,000 on the low end, takes weeks, and depends on practitioners who are genuinely scarce. Most small companies skip it entirely. We built a six-agent AI system where each age...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 5:27 p.m.10 views

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/09 10:58 a.m.8 views

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active...

6.3AI score
Exploits0
Securelist
Securelist
added 2026/02/05 9:0 a.m.10 views

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Introduction Stan Ghouls also known as Bloody Wolf is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.26 views

CVE-2021-27615

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting XSS attacks...

5.4CVSS6.3AI score0.00585EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/01 12:0 a.m.13 views

Engineering Attack Vectors and Detecting Anomalies in Additive Manufacturing

Additive manufacturing AM is rapidly integrating into critical sectors such as aerospace, automotive, and healthcare. However, this cyber-physical convergence introduces new attack surfaces, especially at the interface between computer-aided design CAD and machine execution layers. In this work, ...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/18 11:43 a.m.7 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle (CVE-2025-8916)

Summary IBM App Connect for Manufacturing is vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Ja...

6.3CVSS6.7AI score0.0043EPSS
Exploits0Affected Software1
Qualys Blog
Qualys Blog
added 2025/11/24 4:0 p.m.9 views

Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet

Why the Exploit Window Has Collapsed and How CISOs Must Pivot to Survive For decades, cybersecurity was a game of time. We banked on the buffer between a vulnerability’s disclosure and its widespread exploitation. We relied on the forgiving internet, where human attackers needed days or weeks to...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/21 12:1 p.m.6 views

AI as Cyberattacker

From Anthropic: In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­--using AI not just as an advisor, but to execute the cyberattacks...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/19 10:0 a.m.8 views

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle AitM attacks. EdgeStepper "redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the...

6.6AI score
Exploits0
Trellix
Trellix
added 2025/11/18 12:0 a.m.8 views

Today’s threat landscape demands a proactive OT security strategy

Today’s threat landscape demands a proactive OT security strategy By John Fokker and Mo Cashman · November 18, 2025 Overview: The operational technology OT security landscape is undergoing rapid transformation, marked by an escalation in advanced threats. As reported in Trellix’s November...

5.7AI score
Exploits0
Rows per page
Query Builder