31 matches found
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software supply chain campaign targeting software developers through malicious packages and extensions. "Since...
@nasa-jpl/stellar-svelte (>=2.1.9 <=2.1.10), @scouterdev/ui (=0.0.1) +2 more potentially affected by CVE-2025-62381 via sveltekit-superforms (>=2.16.1 <=2.27.1)
sveltekit-superforms NPM version =2.16.1, =2.1.9, =1.3.0, =0.0.2-dev.80, =1.0.9 Source cves: CVE-2025-62381 Source advisory: SNYK:JS-SVELTEKITSUPERFORMS-13559331...
EUVD-2024-48028
Malicious code in bioql PyPI...
EUVD-2025-29238
Malicious code in bioql PyPI...
CVE-2025-56448
The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly rotate or invalidate used codes, allowing repeated reuse of captured transmissions. This exposes users to significant security...
CVE-2025-56448
The CVE-2025-56448 entry concerns the Positron PX360BT SW REV 8 car alarm system. The provided documents state that the vulnerability arises from a failure to properly implement rolling-code security, allowing repeated use of captured transmissions and enabling a replay attack. Affected component...
PT-2025-37755
Name of the Vulnerable Software and Affected Versions: Positron PX360BT SW REV 8. Description: The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly rotate or invalidate used codes,...
Positron PX360BT Security Vulnerability
Positron PX360BT is an in-vehicle multimedia device from the Brazilian company Positron. A security vulnerability exists in the Positron PX360BT that stems from a failure to properly implement a rolling code security mechanism, which could lead to a replay attack...
CVE-2024-7007
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application...
Positron Broadcast Signal Processor TRA7005 1.20 5.1.6 CSRF
Title: Positron Broadcast Signal Processor TRA7005 v1.20 5.1.6 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...
CVE-2024-7007
CVE-2024-7007 affects Positron Broadcast Signal Processor TRA7005 v1.20. The vulnerability is an authentication bypass (Alternate Path or Channel CWE-288) that could let an attacker reach protected areas (e.g., /user, /operator, /admin) without credentials. Several connected sources concur on the...
CVE-2024-7007 Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005
Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on July 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-207-01 Siemens SICAM Products; ICSA-24-207-02 Positron Broadcast Signal Processor. CISA...