Federated Anomaly Detection and Mitigation for EV Charging Forecasting under Cyberattacks

Electric Vehicle EV charging infrastructure faces escalating cybersecurity threats that can severely compromise operational efficiency and grid stability. Existing forecasting techniques are limited by the lack of combined robust anomaly mitigation solutions and data privacy preservation...

EulerOS 2.0 SP13 : pam (EulerOS-SA-2025-2442)

According to the versions of the pam packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks a...

The Dark Side of Flexibility: How Aggregated Cyberattacks Threaten the Power Grid

Flexible energy resources are increasingly becoming common in smart grids. These resources are typically managed and controlled by aggregators that coordinate many resources to provide flexibility services. However, these aggregators and flexible energy resources are vulnerable, which could allow...

bind: Cache poisoning attacks with unsolicited RRs

A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records RRs in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache...

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The...

CVE-2025-63243

A reflected cross-site scripting XSS vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 01. The slesSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be...

A Comprehensive Study on Cyber Attack Vectors in EV Traction Power Electronics

Electric vehicles EVs have drastically changed the auto industry and developed a new era of technologies where power electronics play the leading role in traction management, energy conversion and vehicle control processes. Nevertheless, this is a digital transformation, and the cyber-attack...

Blogile 安全漏洞

Blogile is a Node.js blogging system. A security vulnerability exists in Blogile, which stems from a weak CAPTCHA generation mechanism and a lack of rate limiting, which could lead to a brute force attack...

mall 访问控制错误漏洞

mall is an e-commerce system for macro individual developers, including frontend mall system and backend management system. An access control error vulnerability exists in mall 1.0.3 and earlier versions, which stems from improper access control and could lead to remote attacks...

kernel: ipv6: sr: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

IT threat evolution in Q3 2025. Mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics The quarter at a glance In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all...

IT threat evolution in Q3 2025. Non-mobile statistics

IT threat evolution in Q3 2025. Mobile statistics IT threat evolution in Q3 2025. Non-mobile statistics Quarterly figures In Q3 2025: Kaspersky solutions blocked more than 389 million attacks that originated with various online resources. Web Anti-Virus responded to 52 million unique links. File...

AudioCodes Fax Server 安全漏洞

AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and earlier, which originates from an unauthenticated prompted upload endpoint and could lead to file tampering and further attacks...

FileCodeBox 安全漏洞

FileCodeBox is a file courier locker for vastsa personal developers. Files can be shared with an anonymous password. A security vulnerability exists in FileCodeBox 2.2 and earlier versions, which stems from an IP rate-limiting implementation issue that could lead to bypassing protection and...

CVE-2025-65014

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...

CVE-2025-65014 LibreNMS has Weak Password Policy

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely...

CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

The State of Security Today: Setting the Stage for 2026

As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...

CVE-2025-13283

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

Windu CMS 安全漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from insufficient client-side brute force protection and could lead to brute force attacks...