Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

ABB Cylon FLXeon 9.3.4 (cmds.js) Authenticated Root Remote Code Execution

The ABB Cylon FLXeon BAS controller is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges.

Zero Science Lab
Open in Source
#vulnerability#web#linux#nodejs#js#intel#rce#pdf#auth#sap
Israeli Spyware Firm Paragon Linked to WhatsApp Zero-Click Attack

WhatsApp recently revealed a targeted spyware campaign linked to the Israeli firm Paragon, which affected 90 individuals, including…

Casio and 16 Other Websites Hit by Double-Entry Web Skimming Attack

Researchers uncover a double-entry website skimming attack targeting Casio and 16 other sites. Learn how cybercriminals exploited vulnerabilities to steal sensitive payment data and evade detection.

ABB Cylon FLXeon 9.3.4 (login.js) Unauthenticated Root Remote Code Execution

The ABB Cylon FLXeon (BACnet) controller suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection.

AI-Generated Content: How Cybercriminals Are Using It for Phishing Scams

AI-generated content is empowering even novice hackers to elevate phishing attacks, enabling highly personalized and convincing scams targeting…

Tenable to Acquire Vulcan Cyber to Boost Exposure Management Focus

The deal, expected to close this quarter, will give Tenable One Exposure Management much-needed integration with over 100 third-party security tools and platforms.

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot

Security researchers tested 50 well-known jailbreaks against DeepSeek’s popular new AI chatbot. It didn’t stop a single one.

Code-Scanning Tool's License at Heart of Security Breakup

Nine application security toolmakers band together to fork the popular Semgrep code-scanning project, touching off a controversy over access to features and fairness.

HeartSender Cybercrime Network Dismantled in Joint US-Dutch Operation

Massive Pakistani cybercrime network HeartSender has been shut down in a joint US-Dutch operation. Learn how their phishing…

GHSA-qr6x-62gq-4ccp: WildFly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. ### Impact Standalone server (Domain mode is not affected) with use access control enabled with RBAC provider can be suspended or resumed by unauthorized users. When a server is suspended, the server will stop receiving user requests. The resume handle does the opposite; it will cause a suspended server to start accepting user requests. ### Patches Fixed in [WildFly Core 27.0.1.Final](https://github.com/w...