CVE-2026-42608 Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component.

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...

Jaguar Land Rover Cyberattack Disrupts Production and Sales Operations

Jaguar Land Rover is restoring systems after a cyberattack disrupted production and sales, with a hacker group previously…...

CVE-2025-7768

Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...

Ransomware Attack Foils IoT Giant Sierra Wireless

A ransomware attack on leading internet-of-things IoT manufacturer Sierra Wireless this week ground its production activity to a halt and froze various other internal operations. The Canadian multinational manufacturer creates a broad array of communications equipment – from gateways to routers,...

Molson Coors Cracks Open a Cyberattack Investigation

Another high-profile company has been hit with a cyber attack that’s causing a major disruption to its business. Brewing company Molson Coors acknowledged on Thursday that it has “experienced a systems outage that was caused by a cybersecurity incident,” according to a Form 8-K filed with the SEC...

Industrial Control Device Vulnerability in CJ2M-CPU11 at Omron Automation (China) Co.

The OMRON Group is a manufacturer of automation control and electronic equipment. A vulnerability exists in CJ2M-CPU11 of Omron Automation China Co. for industrial control devices. An attacker could exploit the vulnerability to cause control functions to stop, resulting in production interruption...

Denial of Service Vulnerability in Schneider PLC-M580

The M580, a PLC in Schneider's Modicon PLC family, is Schneider Electric's first high-end integrated controller built for the Industrial Internet of Things architecture. A denial of service vulnerability exists in the Schneider PLC-M580, which can be exploited by an attacker to cause the PLC's...

AB CompactLogix 5000 Series Controller CIP Protocol Denial of Service Vulnerability

The AB CompactLogix 5000 series are controllers for Logix solutions for low-end to mid-size applications. A vulnerability in the CIP communication protocol of the AB CompactLogix 5000 Series controllers, if successfully exploited, could cause the target device to fail to respond properly to...