Latest Intelligence
China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years
The article discusses the activities of a China-linked advanced persistent threat group known as 'Salt Typhoon,' which has exploited vulnerabilities in routers to gain ongoing access to critical infrastructure, including telecom, government, and military networks. This has enabled extensive global surveillance capabilities for Chinese intelligence services.
CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry
CrowdStrike has announced its acquisition of Onum to enhance its Falcon Next-Gen SIEM with advanced real-time telemetry capabilities. This move is expected to strengthen the security offerings of CrowdStrike's Falcon platform.
Mitsubishi Electric MELSEC iQ-F Series CPU Module
The Mitsubishi Electric MELSEC iQ-F Series CPU module has a vulnerability that allows attackers to intercept cleartext SLMP communication messages, potentially obtaining credential information and manipulating device values. This security flaw could lead to unauthorized access and disruption of operations.
Delta Electronics COMMGR
Delta Electronics COMMGR versions 2.9.0 and prior are vulnerable to critical security flaws, including a stack-based buffer overflow and code injection, which could allow attackers to execute arbitrary code. Users are advised to update to version 2.10.0 or later to mitigate these risks.
CISA Releases Nine Industrial Control Systems Advisories
CISA has released nine advisories addressing various security vulnerabilities in Industrial Control Systems (ICS) as of August 28, 2025. These advisories highlight critical issues affecting multiple products from vendors like Mitsubishi Electric and Delta Electronics, urging users to take action.
GE Vernova CIMPLICITY
The article discusses a vulnerability in GE Vernova's CIMPLICITY software that allows low-privileged local attackers to escalate privileges due to an Uncontrolled Search Path Element. Users are advised to upgrade to CIMPLICITY 2024 SIM 4 to mitigate this issue.
Delta Electronics CNCSoft-G2
Delta Electronics CNCSoft-G2 has a vulnerability that allows for out-of-bounds write, enabling attackers to execute arbitrary code through user interaction. Affected versions include CNCSoft-G2 version 2.1.0.20 and prior, with a CVSS v4 score of 8.5 indicating a significant risk.
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
Schneider Electric's Saitel DR and Saitel DP Remote Terminal Units (RTUs) have a vulnerability related to improper privilege management, allowing authenticated attackers to escalate privileges and potentially execute arbitrary code. The vulnerability has a CVSS score of 6.7 and affects specific versions of the products.
Mitsubishi Electric MELSEC iQ-F Series CPU Module
The Mitsubishi Electric MELSEC iQ-F Series CPU module has a vulnerability due to missing authentication for critical functions, allowing attackers to read or write device values and potentially disrupt operations. This issue affects multiple versions of the MELSEC iQ-F Series products.
Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
The article highlights the risks associated with deploying new code that may contain vulnerabilities, which can lead to significant financial losses when exploited in the cloud. In 2025, the average cost of a data breach is projected to be $4.44 million, emphasizing the importance of code-to-cloud mapping for security.
Webinar Today: Ransomware Defense That Meets Evolving Compliance Mandates
The article promotes a live webinar focused on enhancing ransomware defenses while addressing increasing compliance mandates. It aims to inform organizations on how to adapt their security strategies to meet these evolving requirements.
Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them
The article highlights the vulnerabilities associated with project management tools like Trello and Asana, emphasizing the risks of data breaches that can lead to significant financial losses. A notable incident involved the exposure of private data from over 15 million Trello user profiles on a hacker forum in 2024.
Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack
The Nx build platform, which has over 4 million weekly downloads, has been targeted in a supply chain attack where hackers utilized AI assistants to facilitate data theft. This incident marks the first known instance of AI being weaponized in such a manner.
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
A supply chain attack has been reported involving malicious versions of the nx package and its plugins, which were published to npm. These malicious packages contained code capable of scanning the file system and collecting sensitive credentials, impacting users' security.
U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
The U.S. Treasury's OFAC has imposed sanctions on two individuals and two entities involved in a North Korean IT worker scheme that generates illicit revenue for the regime's weapons programs. This scheme has reportedly facilitated $600,000 in cryptocurrency transfers and over $1 million in profits.