48 matches found

NVD
added 2025/12/17 1:15 p.m., 2 views

CVE-2025-14096

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system. Other related CVE's ar...

CVSS 8.4, EPSS 0.00018
Exploits: 0, References: 1
Cvelist
added 2025/12/17 12:19 p.m., 26 views

CVE-2025-14096 Credential Disclosure vulnerability in Radiometer Products

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system. Other related CVE's ar...

CVSS 8.4, EPSS 0.00018
Exploits: 0, References: 1
EUVD
added 2025/12/17 11:45 a.m., 1 view

EUVD-2025-203887

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

CVSS 8.4, AI score 6.1, EPSS 0.00273
Exploits: 0, References: 2
The Hacker News
added 2025/05/30 6:11 a.m., 32 views

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...

CVSS 9.3, AI score 9, EPSS 0.94352
Exploits: 20
Microsoft CVE
added 2025/02/19 8:00 a.m., 20 views

Microsoft Power Pages Elevation of Privilege Vulnerability

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...

CVSS 9.8, AI score 8.3, EPSS 0.31624
Exploits: 0
ATTACKERKB
added 2025/02/19 12:00 a.m., 29 views

CVE-2025-24989

An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update...

CVSS 9.8, AI score 7, EPSS 0.31624
In wild, Exploits: 0, References: 2
Malwarebytes
added 2024/05/20 11:21 a.m., 19 views

Financial institutions ordered to notify customers after a breach, have an incident response plan

The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents—that require them to have written incident response policies and procedures that can be used...

AI score 7
Exploits: 0
The Hacker News
added 2023/12/17 4:48 a.m., 42 views

MongoDB Suffers Security Breach, Exposing Customer Data

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company said it first detected anomalous...

AI score 7.1
Exploits: 0
ICS
added 2023/08/31 6:00 a.m., 34 views

Digi RealPort Protocol

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the...

CVSS 9, AI score 8.9, EPSS 0.0002
Exploits: 0, References: 8
Microsoft Secure
added 2023/07/14 5:00 p.m., 17 views

Analysis of Storm-0558 techniques for unauthorized email access

Executive summary On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that we've detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we continue our investigation...

AI score 7.4
Exploits: 0
The Hacker News
added 2023/06/03 8:05 a.m., 41 views

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring

The U.S. Federal Trade Commission (FTC) has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...

AI score 6.8
Exploits: 0
Ivanti
added 2023/02/14 7:22 a.m., 6 views

SA40662 - Pulse Workspace data exposure

Problem A data exposure issue was discovered by a third party security research group where access to a small section of Pulse Secure customer data store on a recognized cloud service provider during the period of 11 AM to 2 PM on March 16, 2017. During this three-hour period, Pulse Secure has no...

AI score 7
Exploits: 0
Krebs on Security
added 2023/01/20 4:09 a.m., 17 views

New T-Mobile Breach Affects 37 Million Accounts

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately ...

AI score 6.6
Exploits: 0
The Hacker News
added 2022/10/27 8:23 a.m., 29 views

Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm said the attackers had access to...

AI score 1.3
Exploits: 0
ATTACKERKB
added 2022/06/17 9:15 p.m., 1 view

CVE-2022-21503

Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle...

CVSS 4.9, AI score 5.8, EPSS 0.00509
Exploits: 0, References: 2
Malwarebytes
added 2022/03/16 2:57 p.m., 14 views

CafePress faces $500,000 fine for data breach cover up

The US Federal Trade Commission (FTC) has announced that it took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. CafePress is a popular online custom T-shirt and merchandise...

AI score 6.8
Exploits: 0
ThreatPost
added 2021/03/18 8:15 p.m., 166 views

Fiserv Forgets to Buy Domain It Used as System Default

Fiserv, a multi-billion-dollar cybersecurity tech provider for financial institutions, forgot to buy the domain used as a default in their systems’ email communications, according to a report. The blunder could have exposed its clients’ user information to anyone with a few bucks to buy the domai...

AI score 7.2
Exploits: 0, References: 2
Citrix
added 2020/11/09 12:00 a.m., 3 views

LDAP authentication vulnerability in Access Gateway Advanced Access Control

Description of Problem If the Advanced Access Control option (AAC) of Access Gateway is configured to use LDAP authentication then it is possible for a user to logon without supplying valid credentials. This vulnerability only affects AAC Version 4.2 deployments that are using LDAP authentication;...

AI score 7.2
Exploits: 0
ThreatPost
added 2020/05/05 3:55 p.m., 34 views

GoDaddy Hack Breaches Hosting Account Credentials

UPDATE GoDaddy, the world’s largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. An “unauthorized individual” was able to access users’ login details in an intrusion that the company said took place back in October — the compa...

AI score 0.9
Exploits: 0, References: 9
ThreatPost
added 2020/03/02 4:17 p.m., 82 views

Walgreens Mobile App Leaks Prescription Data

Popular pharmacy chain Walgreens is warning that a bug in its official mobile app may have exposed sensitive data, including customers’ full names and information on prescriptions for medications they are taking. The security issue stemmed from an “error” in the personal secure messaging feature ...

AI score 6.6
Exploits: 0, References: 3