Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability … [Read more...] about Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Critical
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Mar 28, 2025Ravie LakshmananOperational Technology / Vulnerability Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been … [Read more...] about Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
Mar 24, 2025Ravie LakshmananVulnerability / Cloud Security A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, … [Read more...] about Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Mar 21, 2025Ravie LakshmananThreat Hunting / Vulnerability Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to … [Read more...] about UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been … [Read more...] about Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Jan 31, 2025Ravie LakshmananVulnerability / Healthcare The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a … [Read more...] about CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Jan 17, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking … [Read more...] about Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Critical Evolution of Cloud Detection and Response
When Conventional Security Meets Modern Cloud Threats As organizations face these cross-domain attacks, the inability to connect cloud context with detection and alerting is reaching its breaking point. Most organizations begin their cloud security journey focused on visibility through CNAPP solutions. CNAPP identifies misconfigurations, excessive permissions and … [Read more...] about Critical Evolution of Cloud Detection and Response
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
Nov 27, 2024Ravie LakshmananVulnerability / Software Security A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made … [Read more...] about Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
Nov 26, 2024Ravie LakshmananVulnerability / Website Security Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, … [Read more...] about Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks