Malicious code in @zalastax/nolb-_imo (npm)

The package @zalastax/nolb-imo was found to contain malicious code...

MAL-2025-10126 Malicious code in @zalastax/nolb-_imo (npm)

The package @zalastax/nolb-imo was found to contain malicious code...

Maritime lawyers assemble!

Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...

Maritime regulation. All Hands-on Deck!

TL;DR The regulation from the IMO has changed, you need to do more about cyber security. Key things to focus on: Start asking questions of your supply chain, of your own IT and OT teams Assess the security configuration per vessel – each are different Use Critical National Infrastructure controls...

imo-gmbh.com Improper Access Control vulnerability OBB-2177785

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Researchers Uncover Android Spying Campaign Targeting Pakistan Officials

Two new Android surveillanceware families have been found to target military, nuclear, and election entities in Pakistan and Kashmir as part of a pro-India, state-sponsored hacking campaign. Dubbed Hornbill and Sunbird, the malware impersonates legitimate or seemingly innocuous services to cover...

Where maritime cyber checklists fail

The coming IMO cyber security regulations are a step in the right direction towards vessel security, but the impracticality of assessing the cyber security of a ship, together with a huge skills shortage, leads classification societies towards checklist based assessments. Having seen some of thes...

Speed 2 – The Poseidon Adventure – Part One

This post is a companion to the DEF CON 28 video available here This is a tale of how we tested a brand new cruise ship over the course of a week. TL;DR How fire zone safety design affects security When ballasting control goes wrong Where maritime tech providers let security down, badly Are IMO &...

imo beta free calls and text - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application imo beta free calls and text published at the 'play' market has multiple vulnerabilities...

imo cloud Office system get_file.php parameter nid arbitrary command execution vulnerability

No description provided by source...

imo cloud Office system /file/NDisk/read.php parameters filename arbitrary file read vulnerability

No description provided by source...

imo cloud Office system /Customize/Audit/auditreport/Qgroupmsg.php files like uid parameter SQL injection vulnerability

No description provided by source...

imo cloud Office system /file/NDisk/read.php the filename parameter local file inclusion vulnerability

No description provided by source...

imo cloud Office system /Customize/Audit/auditreport/downnmsg.php file the uid parameter SQL injection vulnerability

No description provided by source...

imo云办公室系统 /api/Api.php 参数cid SQL注入漏洞

No description provided by source...

imo云办公室系统/server/loginBindkd.php cAccount参数命令执行漏洞

No description provided by source...

imo云办公室系统 /approval/approval/get_approval_info 参数aid sql注入

No description provided by source...

imo云办公室系统/file/Placard/upload/Imo_DownLoadUI.php filename参数任意文件遍历漏洞

No description provided by source...

imo & imoffice /corpfile.php文件存在无需登录命令执行漏洞

No description provided by source...