44 matches found
EUVD-2024-44896
Malicious code in bioql PyPI...
Malicious code in vessel (npm)
The package vessel was found to contain malicious code...
MAL-2025-47127 Malicious code in vessel (npm)
The package vessel was found to contain malicious code...
CVE-2024-50469
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brightvesseldev Textboxes textboxes allows DOM-Based XSS. This issue affects Textboxes: from n/a through <= 0.1.3.1...
What goes into testing a ship?
TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...
CVE-2024-50469 WordPress Textboxes plugin <= 0.1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brightvesseldev Textboxes textboxes allows DOM-Based XSS. This issue affects Textboxes: from n/a through <= 0.1.3.1...
CVE-2024-50469 WordPress Textboxes plugin <= 0.1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brightvesseldev Textboxes textboxes allows DOM-Based XSS. This issue affects Textboxes: from n/a through <= 0.1.3.1...
CVE-2024-50469
CVE-2024-50469 is a DOM-based XSS vulnerability in the WordPress Textboxes plugin (versions up to 0.1.3.1). The issue is described as Improper Neutralization of Input During Web Page Generation (XSS) affecting Textboxes; CVSS 3.1 base score 6.5 (Network, Low Privileges, User Interaction required,...
PT-2024-34245 · Unknown · Team Bright Vessel Textboxes
Name of the Vulnerable Software and Affected Versions: Team Bright Vessel Textboxes versions 0.1.3.1 and earlier. Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This is a DOM-Based XSS vulnerability...
Cyber threats to shipping explained
TL;DR Modern vessels are becoming increasingly connected. While it is unlikely that hackers could fully control a container ship remotely, they may be able to disrupt systems such as the Power Management System (PMS), leading to blackouts and associated loss of propulsion and steering. Although...
Can ships be hacked?
Photo: David Adams, MV Dali and the Francis Scott Key Bridge collapse - 240326-A-SE916-6662, A layer has been added showing a character and a speech bubble, CC0 1.0 TL;DR Ships can be hacked Was the MV Dali hacked? Practically impossible Polarised views from uninformed commentators do not help...
Friday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away
A Peruvian oversight law has the opposite effect: Peru in 2020 began requiring any foreign fishing boat entering its ports to use a vessel monitoring system allowing its activities to be tracked in real time 24 hours a day. The equipment, which tracks a vessel's geographic position and fishing...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Unauthenticated RCE in Open Web Analytics versi...
Maritime regulation. All Hands-on Deck!
TL;DR The regulation from the IMO has changed, you need to do more about cyber security. Key things to focus on: Start asking questions of your supply chain, of your own IT and OT teams Assess the security configuration per vessel – each are different Use Critical National Infrastructure controls...
vessel-energy.com Cross Site Scripting vulnerability OBB-2683287
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Where maritime cyber checklists fail
The coming IMO cyber security regulations are a step in the right direction towards vessel security, but the impracticality of assessing the cyber security of a ship, together with a huge skills shortage, leads classification societies towards checklist based assessments. Having seen some of thes...
Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast
It's probably a juvenile: Researchers aboard the New Zealand-based National Institute of Water and Atmospheric Research Ltd (NIWA) research vessel Tangaroa were on an expedition to survey hoki, New Zealand's most valuable commercial fish, in the Chatham Rise, an area of ocean floor to the east of...
Ships engines, a guide for pen testers
I spent several years as a ship's engineer before straying into pen testing. Ships used to be fairly secure; they were physically isolated at sea. Satcoms were scarily expensive, usually available only to the captain for business-critical communication. Even satphone use was heavily rationed. All...
CVE-2019-16320
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community...
Hacking AIS
Maritime AIS, or ‘Automatic Identification System’ is used for broadcast and reception of vessel position and information alerts. It has proved invaluable since its introduction in the 1990s and has undoubtedly helped prevent many marine accidents, collisions and related incidents. Previous...