Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Why the US Military Can't Just Shoot Down the Mystery Drones

Small, easily weaponizable drones have become a feature of battlefields from the Middle East to Ukraine. Now the threat looms over the US homeland—and the Pentagon's ability to respond is limited.

Wired
#vulnerability#intel#auth
Human Misuse Will Make Artificial Intelligence More Dangerous

AI creates what it’s told to, from plucking fanciful evidence from thin air, to arbitrarily removing people’s rights, to sowing doubt over public misdeeds.

As the Mastermind of Far-Right ‘Active Clubs’ Goes to Prison, His Violent Movement Goes Global

The white supremacist Robert Rundo faces years in prison. But the “Active Club” network he helped create has proliferated in countries around the world, from Eastern Europe to South America.

'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Europol Cracks Down on Holiday DDoS Attacks

In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.

Cultivating a Hacker Mindset in Cybersecurity Defense

Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an unauthenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'portValue' HTTP GET parameter called by obtainPorts.php script.

ABB Cylon Aspect 3.07.00 (obtainPorts.php) Configuration Manipulation

The obtainPorts.php script is accessible without authentication, allowing unauthorized users to retrieve and manipulate configuration parameters. This includes the ability to modify critical settings such as port values, potentially disrupting system functionality or enabling further exploitation.

ABB Cylon Aspect 3.08.01 (portQueueAjax.php) Information Disclosure

The portQueueAjax.php endpoint on ABB Cylon Aspect BMS/BAS controller is accessible without authentication, potentially exposing sensitive port statistics and network activity metrics. An attacker could leverage this information to map the network, identify critical systems, and plan further attacks.