3 easy-to-miss cybersecurity risks for small businesses
There’s a lot to security that isn’t necessarily “cyber.” It’s not all hackers or complex network attacks. Alongside traditional cyberattacks that deploy malware or exploit known software vulnerabilities, there are also less technical—yet equally devastating—forms of theft. This doesn’t mean that...
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guil...
kog-bonds-poc
KOG Bonds POC Agent Complete proof-of-concept demonstrating e...
RansomHouse Claims Data Breach at Major Apple Contractor Luxshare
RansomHouse claims to have breached Apple contractor Luxshare, but no evidence has been released. Links are offline and the breach remains unverified...
CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
CVE-2025-10460
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
CVE-2025-10460 Unsanitized parameter input leading to SQL Injection vulnerability
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
EUVD-2025-197751
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
CVE-2025-10460
Summary: CVE-2025-10460 is a SQL Injection vulnerability in FMI/BEIMS Contractor Web. Affected component: the /BEIMSWeb/contractor.asp endpoint on BEIMS Contractor Web (version 5.7.139 is confirmed vulnerable). Root cause: improper input validation leading to unsanitized parameter input that can ...
PT-2025-47106
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
FMI BEIMS Contractor Web security vulnerability
FMI BEIMS Contractor Web is a module for a facility management system from FMI Australia. A security vulnerability exists in FMI BEIMS Contractor Web version 5.7.139, which originates from improper validation of /BEIMSWeb/contractor.asp endpoint inputs and could lead to a SQL injection attack...
A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets
Plus: State-sponsored AI hacking is here, Google hosts a CBP face recognition app, and more of the week’s top security news...
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that...
EUVD-2023-44933
Malicious code in bioql PyPI...
EUVD-2023-48604
Malicious code in bioql PyPI...
ICE Wants to Build Out a 24/7 Social Media Surveillance Team
Documents show that ICE plans to hire dozens of contractors to scan X, Facebook, TikTok, and other platforms to target people for deportation...
CVE-2023-44245
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin = 4.0.0 versions...
CISA: Dams Sector Personnel Screening Guide
The Dams Sector Personnel Screening Guide 2025 provides information to assist Dams Sector owners and operators in developing and implementing personnel screening protocols appropriate for their facilities. An effective screening protocol for potential employees and contractor support can contribu...