As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Hitachi Energy RTU500 Series
1. EXECUTIVE SUMMARY: CVSS v4 8.2. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: RTU500 series. Vulnerabilities: NULL Pointer Dereference, Improper Validation of Integrity Check Value, Improper Restriction of XML External Entity Reference, Heap-based Buffer Overflow, Integer…
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on September 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-259-01 Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter; ICSA-25-259-02 Hitachi Energy RTU500…
Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter
1. EXECUTIVE SUMMARY: CVSS v4 5.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: Altivar products, ATVdPAC module, ILC992 InterLink Converter. Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). 2. RISK EVALUATION: Successful exploitation…
Samsung patches zero-day security flaw used to hack into its customers’ phones
The Galaxy phone maker said it was notified in August that hackers are actively exploiting the security flaw to target Samsung customers. This article has been indexed from Security News | TechCrunch. Read the original article: Samsung patches zero-day security…
Google Pay, Drug Bots, and SIM Swaps: How Old Leaks and New Vulnerabilities Power Attacks
It starts with something simple: a CAPTCHA box on your screen. You type the number you see, because of course you do. That’s what humans do online. But what if that “CAPTCHA” wasn’t a CAPTCHA at all? In this post,…
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
May have been used in ‘extremely sophisticated’ attacks against ‘specific targeted individuals’. Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what…
Jaguar Land Rover Admits to Longer Shutdown as Childish Hackers Troll Carmaker
JLR vs. SLH: Jaguar Land Rover woes worse than previously thought. The post Jaguar Land Rover Admits to Longer Shutdown as Childish Hackers Troll Carmaker appeared first on Security Boulevard. This article has been indexed from Security Boulevard. Read the…
Salesloft Hack Shows How Developer Breaches Can Spread
Salesloft, a popular sales engagement platform, has revealed that a breach of its GitHub environment earlier this year played a key role in a recent wave of data theft attacks targeting Salesforce customers. The company explained that attackers gained…
The Cookie Problem. Should you Accept or Reject?
It is impossible for a user today to surf the internet without cookies, to reject or accept. A pop-up shows in our browser that asks to either “accept all” or “reject all.” In a few cases, a third option allows…