Our news

  • Vulnerability Summary for the Week of March 3, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): n/a–n/a | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | 2025-03-04 | 10 | CVE-2024-50704. n/a–n/a | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute…


  • FBI Warns of Data Extortion Scam Targeting Corporate Executives

    The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.”  The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received. CISA encourages organizations to review the following FBI Public Service…


  • The Future of Cybersecurity in 2025

    Cybersecurity is always changing, with new threat actors and technologies emerging all the time. By 2025, we’ll see big shifts in how we protect our digital spaces. Key areas will include cloud security, AI, zero-trust systems, and the blending of cyber and physical threats. Staying ahead of this evolving landscape will require an understanding of…


  • Vulnerability Summary for the Week of February 24, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): jupyterhub–ltiauthenticator | `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn’t validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that have configured a JupyterHub installation to use…


  • Vulnerability Summary for the Week of February 17, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): a1post–A1POST.BG Shipping for Woo | Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1. | 2025-02-22 | 8.8 | CVE-2025-27012. amauric–WPMobile.App | The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in…


  • CISA and Partners Release Advisory on Ghost (Cring) Ransomware

    Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations. Ghost actors…


  • #StopRansomware: Ghost (Cring) Ransomware

    Summary. Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…


  • Vulnerability Summary for the Week of February 10, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): ABB–System 800xA | A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA:…


  • CISA Releases Twenty Industrial Control Systems Advisories

    CISA released twenty Industrial Control Systems (ICS) advisories on February 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-044-01 Siemens SIMATIC S7-1200 CPU Family; ICSA-25-044-02 Siemens SIMATIC; ICSA-25-044-03 Siemens SIPROTEC 5; ICSA-25-044-04 Siemens SIPROTEC 5; ICSA-25-044-05 Siemens SIPROTEC 5 Devices; ICSA-25-044-06 Siemens RUGGEDCOM APE1808 Devices; ICSA-25-044-07 Siemens…


  • Is DeepSeek Lying to You? Unmasking the AI’s Data Deception

    In today's world, where Artificial Intelligence is increasingly used by the average user, trust is a subjective matter in which one needs to maintain discipline and cordiality. DeepSeek is an AI platform that originated in China and has gained a mass following among people around the…
