Security
Headlines
HeadlinesLatestCVEs

Latest News

ABB Cylon Aspect 3.08.02 (syslogUpdate.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through POST parameters, including REMOTE, IP1, IP2, IP3, IP4, and NAME, called by the syslogUpdate.php script.

Zero Science Lab
Open in Source
#vulnerability#php#rce#auth
ABB Cylon Aspect 3.08.02 (syslogUpdate.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through POST parameters, including REMOTE, IP1, IP2, IP3, IP4, and NAME, called by the syslogUpdate.php script.

How CISOs Can Communicate With Their Boards Effectively

With the increased frequency of board reporting, CISOs need to ensure their interactions are brief, productive, and valuable.

Middle East Cyberwar Rages On, With No End in Sight

Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.

Name That Toon: Sneaking Around

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers

Why Ethereum Will Be a Key Platform for Businesses in the Future

Explore how Ethereum revolutionizes industries with smart contracts, DeFi, NFTs, gaming, DAOs, and sustainability, shaping the future of…

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps.

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last