Lucene search

35 matches found

RedhatCVE
added 2026/02/03 3:18 p.m. | 4 views

CVE-2022-50979

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...

CVSS 6.5 | AI score 5.4 | EPSS 0.00013
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/02 12:0 a.m. | 5 views

PT-2026-5667

An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...

CVSS 6.5 | AI score 5.3 | EPSS 0.00013
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-16063

Malicious code in bioql PyPI...

CVSS 10 | AI score 8.8 | EPSS 0.00423
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-6936

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00586
Exploits: 1 | References: 2

Hive Pro Threat Advisories
added 2025/08/08 2:0 p.m. | 2 views

Geopolitical Aggression Trigger Digital Sabotage on Critical Infrastructure

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. The modern battlefield isn't just on the ground; it's online, and the digital front continues to...

AI score 7.5
Exploits: 0

HackRead
added 2025/07/29 10:41 a.m. | 3 views

How Scattered Spider Used Fake Calls to Breach Clorox via Cognizant

Specops Software's analysis reveals how Scattered Spider's persistent help desk exploitation cost Clorox $400 million. Understand the August 2023 breach, its operational disruption, and critical steps organisations must take to protect against similar social engineering threats...

AI score 7.3
Exploits: 0

NVD
added 2025/05/21 8:15 p.m. | 8 views

CVE-2025-36535

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality...

CVSS 10 | EPSS 0.00423
Exploits: 0 | References: 2

Vulnrichment
added 2025/05/21 7:52 p.m. | 11 views

CVE-2025-36535 AutomationDirect MB-Gateway Missing Authentication for Critical Function

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality...

CVSS 10 | AI score 9.9 | EPSS 0.00423
Exploits: 0 | References: 2

Cvelist
added 2025/05/21 7:52 p.m. | 16 views

CVE-2025-36535 AutomationDirect MB-Gateway Missing Authentication for Critical Function

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality...

CVSS 10 | EPSS 0.00423
Exploits: 0 | References: 2

CVE
added 2025/05/21 7:52 p.m. | 83 views

CVE-2025-36535

CVE-2025-36535 affects AutomationDirect MB-Gateway. The embedded web server lacks authentication/access controls, allowing unrestricted remote access that could enable configuration changes, operational disruption, or arbitrary code execution depending on exposure. Public sources (NVD, CVE listin...

CVSS 10 | AI score 8.1 | EPSS 0.00423
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/05 12:0 a.m. | 2 views

Configuration Download Detected (High)

The system detected a change in the controller configuration that was made via the network. An attacker may use configuration changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.4
Exploits: 0

Tenable Nessus
added 2025/05/05 12:0 a.m. | 2 views

Controller Code Modification Detected (Low)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.6
Exploits: 0

Tenable Nessus
added 2025/05/05 12:0 a.m. | 4 views

Controller Code Modification Detected (High)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.6
Exploits: 0

Tenable Nessus
added 2025/05/05 12:0 a.m. | 2 views

Configuration Download Detected (Medium)

The system detected a change in the controller configuration that was made via the network. An attacker may use configuration changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.4
Exploits: 0

Tenable Nessus
added 2025/05/05 12:0 a.m. | 2 views

Device Status Modification Detected (Critical)

Changes in the controller state can stop operations altogether or start an operation that should not have been started. These operations can be used by an attacker to disrupt normal operation, cause production losses, or create safety concerns. This plugin only works with Tenable.ot. Please visit...

AI score 5.5
Exploits: 0

CVE
added 2025/04/08 7:15 a.m. | 58 views

CVE-2025-31332

CVE-2025-31332 concerns insecure file permissions in SAP BusinessObjects Business Intelligence Platform. A local attacker could modify files, potentially disrupting operations or causing service downtime, leading to high impact on integrity and availability. The vulnerability does not disclose s...

CVSS 7.1 | AI score 6.8 | EPSS 0.00063
Exploits: 0 | References: 2 | Affected Software: 1

The Hacker News
added 2025/03/19 6:59 a.m. | 24 views

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities,...

CVSS 9.3 | AI score 8.7 | EPSS 0.00226
Exploits: 0

0day.today
added 2025/02/05 12:0 a.m. | 239 views

Compop Online Mall 3.5.3 Authentication Bypass Vulnerability

Exploit Title: Compop Online Mall Authentication Bypass Google Dork: Terms of Use inurl:compop.vip Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 Vulnerability Overview: The system uses a Unix timestamp "ts" parameter in URLs for authentication,...

CVSS 9.8 | AI score 9.6 | EPSS 0.15555
Exploits: 3

OSV
added 2024/11/21 10:20 p.m. | 10 views

GHSA-HJ3W-WRH4-44VP LLama Factory Remote OS Command Injection Vulnerability

Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure...

CVSS 7.5 | AI score 7.5 | EPSS 0.03243
Exploits: 1 | References: 5

Github Security Blog
added 2024/11/21 10:20 p.m. | 40 views

LLama Factory Remote OS Command Injection Vulnerability

Summary A critical remote OS command injection vulnerability has been identified in the Llama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure...

CVSS 9.8 | AI score 7.5 | EPSS 0.03243
Exploits: 1 | References: 5 | Affected Software: 1