PT-2026-39984

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...

TELSAFE: Security Gap Quantitative Risk Assessment Framework

Gaps between established security standards and their practical implementation have the potential to introduce vulnerabilities, possibly exposing them to security risks. To effectively address and mitigate these security and compliance challenges, security risk management strategies are essential...

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone...

Network Providers and Devices targeted by Chinese state-sponsored actors

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The National Security Agency NSA, the Cybersecurity and Infrastructure Security Agency CISA, and the Federal Bureau of Investigation FBI have released a joint advisory to make organizations in the...

OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as OilRig has began delivering malicious email to a Jordanian government employee at the foreign ministry. The email includes a malicious Excel sheet that installs the Saitama backdoor...

ICREM H8 SSRMS 安全漏洞

H8 Ssrms is a Canadian solution for the telecommunications industry. It is used to improve productivity, efficient processes, organized operations and increase profitability. A security vulnerability exists in ICREM H8 SSRMS that allows an attacker to disclose sensitive information through the...

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT also known as APT39 or Remix Kitten, a threat actor known fo...

Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection

Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: 3.2.0 MP6 Product Website:...