1858 matches found
CVE-2025-10542 Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...
CVE-2025-10542
CVE-2025-10542 affects iMonitor EAM 9.6394. The root cause is default administrative credentials exposed in the management client’s dialog, enabling remote authentication to the EAM server. Successful exploitation allows full control over monitored agents and data, including access to highly sens...
PT-2025-39391
Name of the Vulnerable Software and Affected Versions: iMonitor EAM version 9.6394. Description: The software ships with default administrative credentials that are displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can...
Flying Drones to Locate Cyber-Attackers in LoRaWAN Metropolitan Networks
Today, many critical services and industrial systems rely on wireless networks for interaction with the IoT, hence becoming vulnerable to a broad number of cyber-threats. While detecting this kind of attack is not difficult with common cyber-security tools, and even trivial for jamming, finding...
The Cybersecurity of a Humanoid Robot
The rapid advancement of humanoid robotics presents unprecedented cybersecurity challenges that existing theoretical frameworks fail to adequately address. This report presents a comprehensive security assessment of a production humanoid robot platform, bridging the gap between abstract security...
CVE-2025-10250
A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...
CVE-2025-9161
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquitto plugins, which can be used to achieve remote code execution...
CVE-2025-10250 DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key
A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...
CVE-2025-10250
CVE-2025-10250 affects DJI Mavic Spark/Mavic Air/Mavic Mini (firmware 01.00.0500) due to a hard-coded cryptographic key in the Telemetry Channel. A local-network attacker can exploit this; the vulnerability is described as having high attack complexity and a publicly released exploit; affected products ...
Inside Wallarm Security Edge: Instant Protection at the API Edge
APIs are now the beating heart of digital infrastructure. But as they have risen in importance, they’ve also become prime targets for attackers. Complex, often poorly understood API behaviors present rich opportunities for exploitation, and too often, security teams are left scrambling to protect...
PT-2025-37174
Name of the Vulnerable Software and Affected Versions: DJI Mavic Spark version 01.00.0500; DJI Mavic Air version 01.00.0500; DJI Mavic Mini version 01.00.0500. Description: A weakness exists in the Telemetry Channel component due to the use of a hard-coded cryptographic key. An attacker present on t...
DJI Mavic Security Vulnerability
DJI Mavic is a series of drones from the Chinese company DJI. A security vulnerability exists in DJI Mavic that stems from the use of hard-coded keys in the component Telemetry Channel, which could lead to a local network attack...
Linux Distros Unpatched Vulnerability : CVE-2021-39211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server...
Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond
A deeper look at the npm debug/chalk supply-chain incident: deobfuscating the wallet-hijacking browser interceptor, quantifying the 2-hour exposure with Wiz telemetry (99% package prevalence, 10% malware presence), and unpacking what made it spread so fast...
Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR
By Maulik Maheta and Lishoy Mathew · September 8, 2025. Executive summary: The tactics of cyber adversaries continue to evolve as they attempt to bypass security vendors. Rather than traditional malware, today’s...
RHEL 9 : opentelemetry-collector (RHSA-2025:15406)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:15406 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: net/http: Sensitive headers not cleared on cross-origin...
CVE-2024-49731
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...