Aggregator

CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application
• ICSA-25-273-02 Festo SBRD-Q/SBOC-Q/SBOI-Q
• ICSA-25-273-03 Festo CPX-CEC-C1 and CPX-CMXX
• ICSA-25-273-04 Festo Controller CECC-S,-LK,-D Family Firmware
• ICSA-25-273-05 OpenPLC_V3
• ICSA-25-273-06 National Instruments Circuit Design Suite
• ICSA-25-273-07 LG Innotek Camera Multiple Models
• ICSA-25-063-02 Keysight Ixia Vision Product Family (Update A)
• ICSA-22-298-02 HEIDENHAIN Controller TNC (Update A)
• ICSA-25-226-26 Rockwell Automation FLEX 5000 I/O (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China.

Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers’ cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer

Физический ИИ учится выживать в сложном мире благодаря новым моделям.

来个课程点赞转发送知识星球的活动！

The Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire,

Om Nederland goed te kunnen verdedigen, wil Defensie dat in het dorp Herwijnen zo snel mogelijk een radarinstallatie komt. Gisteren is al begonnen met de verbreding van de inrit naar het terrein. De toegangsweg is momenteel te smal voor het materieel van de bouwer. Dat meldde staatssecretaris Tuinman gisteren in een brief aan de Kamer.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting the active exploitation of a serious vulnerability in the Libraesva Email Security Gateway (ESG). Cataloged as CVE-2025-59689, this command injection vulnerability has emerged as a significant threat for organizations relying on Libraesva’s email security defenses. Libraesva’s Email Security Gateway is widely […]

The post CISA Issues Alert on Actively Exploited Libraesva ESG Command Injection Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has urged users to upgrade as soon as possible. About CVE-2025-30247 Western Digital’s My Cloud devices are designed for home and small business users, to store documents and other content and access it via mobile apps or web browser. In small office settings, it’s also often used as a server for backups … More →

The post Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) appeared first on Help Net Security.

在 Linux 6.17 将 Bcachefs 文件系统列为由外部维护并且没有合并任何 Bcachefs 维护者 Kent Overstreet 递交的拉取请求之后，Linus Torvalds 在 Linux 6.18 中完全移除了 Bcachefs，总共删除了 11.7 万行代码。Torvalds 评论说，Bcachefs 现在是一个 DKMS 模块，内核代码过时了，删除内核中的代码以避免版本混淆。

Хакеры активно используют CVE-2025-32463 для взлома организаций. Ваша может быть следующей.

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware

The Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are actively exploiting a serious vulnerability in the sudo utility used on many Linux and Unix systems. This flaw, tracked as CVE-2025-32463, could allow attackers to gain full administrative control of affected machines. Sudo […]

The post CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ivanti released Ivanti Connect Secure (ICS) version 25.X. The update includes a modernized enterprise-grade OS, platform hardening, and gateway enhancements designed to reduce vulnerabilities, shrink attack surfaces, and improve resilience. Enterprise security is central to Connect Secure 25.X. Many legacy software components have been rearchitected with security in mind. These enhancements include a secure web server and Web Application Firewall (WAF), Secure Boot protection, disk encryption, key management, and secure factory reset, to name a … More →

The post Ivanti upgrades Connect Secure with hardened system and gateway improvements appeared first on Help Net Security.