#git

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000 installations. On December 10, WPScan reported a vulnerability in Hunk Companion plugin versions below 1.9.0, allowing […]

Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's Digital Crimes Unit (DCU) said it has observed the threat actors "develop

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.

Ivanti has issued a critical security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products.

Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.

Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could cause complete control of the device when an authenticated user installs malicious code into HMI product 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following versions of Harmony HMI and Pro-face HMI are affected: Harmony HMIST6: All versions Harmony HMISTM6: All versions Harmony HMIG3U: All versions Harmony HMIG3X: All versions Harmony HMISTO7 series with Ecostruxure Operator Terminal Expert runtime: All versions PFXST6000: All versions PFXSTM6000: All versions PFXSP5000: All versions PFXGP4100 series with Pro-face BLUE runtime: All versions 3.2 Vulnerability Overview 3.2.1 USE OF UNMAINTAINED THIRD-PARTY COMPONENTS CWE-1104 The affected product is vulnerable...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could cause complete control of the device when an authenticated user installs malicious code into HMI product 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following versions of Harmony HMI and Pro-face HMI are affected: Harmony HMIST6: All versions Harmony HMISTM6: All versions Harmony HMIG3U: All versions Harmony HMIG3X: All versions Harmony HMISTO7 series with Ecostruxure Operator Terminal Expert runtime: All versions PFXST6000: All versions PFXSTM6000: All versions PFXSP5000: All versions PFXGP4100 series with Pro-face BLUE runtime: All versions 3.2 Vulnerability Overview 3.2.1 USE OF UNMAINTAINED THIRD-PARTY COMPONENTS CWE-1104 The affected product is vulnerable...