253 matches found
Microcom ZeusWeb 安全漏洞
Microcom ZeusWeb is a remote monitoring platform developed by the Spanish company Microcom. Version 6.1.31 of Microcom ZeusWeb contains a security vulnerability. This vulnerability stems from the injection of XSS payloads into the Email parameter in the “Recover password” section, which may lead ...
CVE-2025-59379
DwyerOmega Isensix Advanced Remote Monitoring System ARMS 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from...
PT-2026-1459
Name of the Vulnerable Software and Affected Versions DwyerOmega Isensix Advanced Remote Monitoring System ARMS version 1.5.7 Description The software allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the...
EUVD-2025-202446
Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or...
Medtronic CareLink Network 安全漏洞
Medtronic CareLink Network is an open source platform for remote monitoring of cardiac patients by Medtronic in the United States. A security vulnerability exists in versions of Medtronic CareLink Network prior to December 4, 2025, which stems from a local attacker being able to view plaintext...
How attackers use real IT tools to take over your computer
A new wave of attacks is exploiting legitimate Remote Monitoring and Management RMM tools like LogMeIn Resolve formerly GoToResolve and PDQ Connect to remotely control victims’ systems. Instead of dropping traditional malware, attackers trick people into installing these trusted IT support progra...
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control C2 server, Kaspersky researcher Lisandro Ubiedo said in an...
Hackers commit highway robbery, stealing cargo and goods
There’s a modern-day train heist happening across America, and this time, some of the bandana-masked robbers are sitting behind screens. According to new research, a group of cybercriminals has been attacking trucking, freight, and logistics companies for months, impersonating brands and even...
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A never-before-seen threat activity cluster codenamed UNKSmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNKSmudgedSerpent...
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management RMM software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according t...
Security update for chrony
This update for chrony fixes the following issues: Update to version 4.8: Add maxunreach option to limit selection of unreachable sources Add -u option to chronyc to drop root privileges default chronyc user is set by configure script Fix refclock extpps option to work on Linux = 6.15 Validate...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...
EUVD-2021-10905
Malware in sbrugna...
EUVD-2002-1426
Malware in sbrugna...
EUVD-2018-19532
Malware in sbrugna...
EUVD-2022-33855
Malicious code in bioql PyPI...
Hackers Hide RMM Installs as Fake Chrome Updates and Teams Invites
New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera,…...
Linux Distros Unpatched Vulnerability : CVE-2018-14324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remot...
Linux Distros Unpatched Vulnerability : CVE-2021-23985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could hav...
One Video to Steal Them All: 3D-Printing IP Theft through Optical Side-Channels
The 3D printing industry is rapidly growing and increasingly adopted across various sectors including manufacturing, healthcare, and defense. However, the operational setup often involves hazardous environments, necessitating remote monitoring through cameras and other sensors, which opens the do...