Latest Intelligence
Siemens SINEC NMS
Siemens SINEC NMS has a SQL injection vulnerability that could allow authenticated, low-privileged attackers to escalate privileges. The vulnerability affects versions prior to V4.0 SP1 and has a CVSS v4 score of 8.7, indicating a significant risk.
Rockwell Automation FactoryTalk ViewPoint
Rockwell Automation's FactoryTalk ViewPoint has a vulnerability that allows unauthenticated attackers to perform XML external entity injection, potentially causing a temporary denial-of-service. The issue affects certain versions of the PanelView Plus terminals and has been assigned CVE-2025-9066.
CISA Releases Thirteen Industrial Control Systems Advisories
CISA has released thirteen advisories addressing security vulnerabilities in various Industrial Control Systems (ICS) on October 16, 2025. These advisories aim to inform users and administrators about current security issues and provide guidance on mitigations.
Rockwell Automation ArmorStart AOP
Rockwell Automation's ArmorStart AOP has a vulnerability that can lead to a denial-of-service condition due to uncaught exceptions when invalid values are input into COM methods. This issue affects versions V2.05.07 and prior, with no fix currently available.
Siemens SiPass Integrated
Siemens SiPass Integrated has several vulnerabilities that could allow unauthorized access and manipulation of user accounts, including buffer overflow and cross-site scripting issues. Users are advised to update to the latest version and implement security measures to mitigate risks.
Siemens TeleControl Server Basic
Siemens TeleControl Server Basic has a critical vulnerability that allows unauthenticated remote attackers to obtain user password hashes and perform authenticated operations on the database service. The vulnerability, identified as CVE-2025-40765, has a high CVSS score indicating significant risk.
Rockwell Automation FactoryTalk Linx
Rockwell Automation's FactoryTalk Linx has critical vulnerabilities related to privilege chaining that allow authenticated attackers to gain SYSTEM-level access, potentially compromising all files and system resources. Two specific CVEs, CVE-2025-9067 and CVE-2025-9068, have been identified, both with a CVSS v4 score of 8.5.
Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking
Fuji Electric has identified vulnerabilities in its HMI Configurator that could expose industrial organizations to hacking risks. In response, the company has released patches, and Japan's JPCERT has alerted organizations about these security issues.
Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform
Security Operations Centers (SOCs) are facing immense challenges due to the overwhelming volume of alerts, with organizations averaging 960 alerts daily and larger enterprises exceeding 3,000. A significant portion of these alerts remains uninvestigated, indicating a critical need for enhanced solutions such as AI-driven platforms.
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks
Cybersecurity researchers have revealed a campaign named Operation Zero Disco, which exploits a vulnerability in Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older systems. The vulnerability, identified as CVE-2025-20352, has a CVSS score of 7.7, indicating a significant security risk.
Cisco Routers Hacked for Rootkit Deployment
Threat actors are exploiting a recent Cisco zero-day vulnerability, CVE-2025-20352, to deploy a rootkit on older networking devices. This highlights a significant security risk for users of affected Cisco routers.
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin
The U.S. government has charged a Cambodian executive for his role in a large-scale cryptocurrency scam that involved exploiting forced labor to defraud investors. Over $14 billion in bitcoin has been seized as part of the investigation, with funds allegedly used to purchase luxury items.
Beware the Hidden Costs of Pen Testing
The article emphasizes the importance of a tailored approach to penetration testing, warning against traditional methods that can be inflexible and costly. It highlights that while pen testing is beneficial for securing IT systems, a one-size-fits-all strategy may lead to suboptimal outcomes.
Four-Year Prison Sentence for PowerSchool Hacker
Matthew Lane was sentenced to four years in prison after pleading guilty to extorting two companies by hacking into their networks and stealing information. This case highlights the ongoing issues of cybersecurity threats and the legal consequences for such criminal activities.
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The article highlights the rapid evolution of online threats where everyday technology is misused for malicious purposes. Hackers are increasingly leveraging trusted tools and platforms to deceive users and gain unauthorized access.