PT-2025-48405

opening the vault on a 3-year-old vulnerability: CVE-2022-35420 back in 2022, I got bored and decided to hunt for a zero-day instead of writing the red-team report. I found an unauthenticated admin takeover in a SCADA system used to control real-world physical machinery. I waited until now to...

Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure

Three critical security vulnerabilities in widely used smart uninterruptible power supply UPS devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. Researchers a...

Industrial Cobots Might Be The Next Big IoT Security Mess

Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. The...

CVE-2015-2247

Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal...