VulnHub

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

AI summary not available. Read original article »

Published: 2025-04-24 12:58 UTC

Vestel AC Charger

A vulnerability (CVE-2025-3606) in Vestel's AC Charger could allow unauthorized access to sensitive information, potentially leading to denial of service or integrity loss. Users are urged to update their devices to mitigate risks associated with this exposure.

Impact: Vestel AC Charger EVC04: Version 3.75.0

In the Wild: No

Age: Recently disclosed

Remediation: Update to version 3.187 or higher, use secure networks, and manage login credentials.

Published: 2025-04-24 12:00 UTC

ALBEDO Telecom Net.Time - PTP/NTP Clock

A vulnerability in ALBEDO Telecom's Net.Time - PTP/NTP clock, identified as CVE-2025-2185, allows for insufficient session expiration, potentially enabling attackers to intercept passwords over unencrypted connections. This poses a significant risk to critical infrastructure sectors worldwide.

Impact: Net.Time - PTP/NTP clock (Serial No. NBC0081P), ALBEDO Telecom

In the Wild: No

Age: Discovered in April 2025

Remediation: Update to software release v1.6.1, minimize network exposure, use secure remote access methods like VPNs.

Published: 2025-04-24 12:00 UTC

Planet Technology Network Products

Multiple critical vulnerabilities have been identified in Planet Technology Network Products, including OS command injection and hard-coded credentials, potentially allowing unauthorized access and manipulation of device data. These vulnerabilities pose significant risks to critical infrastructure systems worldwide.

Impact: Planet Technology UNI-NMS-Lite, NMS-500, NMS-1000V, WGS-804HPT-V2, WGS-4215-8T2S

In the Wild: No

Age: Recently disclosed

Remediation: Apply patches released by Planet Technology for affected devices and implement defensive measures to minimize exploitation risk.

Published: 2025-04-24 12:00 UTC

Nice Linear eMerge E3

A serious OS command injection vulnerability (CVE-2024-9441) has been identified in the Nice Linear eMerge E3 system, allowing remote attackers to execute arbitrary OS commands. This flaw poses significant risks, especially in critical infrastructure sectors.

Impact: Nice Linear eMerge E3: Versions 1.00-07 and prior

In the Wild: No

Age: Discovered recently

Remediation: Vendor advisory pending; implement defensive measures such as minimizing network exposure and using secure remote access methods.

Published: 2025-04-24 12:00 UTC

Schneider Electric Modicon Controllers

Multiple vulnerabilities have been identified in Schneider Electric's Modicon controllers, including trust boundary violations and authentication bypasses, which could lead to unauthorized access and potential denial-of-service. These issues pose significant risks to the availability and security of the affected systems.

Impact: Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum, Modicon Momentum CPU

In the Wild: Unknown

Age: Disclosed recently

Remediation: Update to the latest firmware versions as specified by the vendor.

Published: 2025-04-24 12:00 UTC

CISA Releases Seven Industrial Control Systems Advisories

CISA has released seven advisories addressing vulnerabilities in various Industrial Control Systems (ICS), highlighting significant security concerns that could affect operational integrity. Users and administrators are urged to review these advisories for detailed technical information and mitigation strategies.

Impact: Schneider Electric Modicon Controllers, ALBEDO Telecom Net.Time - PTP/NTP Clock, Vestel AC Charger, Nice Linear eMerge E3, Johnson Controls ICU, Planet Technology Network Products, Fuji Electric Monitouch V-SFT

In the Wild: Unknown

Age: Disclosed on April 24, 2025

Remediation: Review advisories for technical details and implement recommended mitigations.

Published: 2025-04-24 12:00 UTC

Johnson Controls ICU

A stack-based buffer overflow vulnerability (CVE-2025-26382) has been identified in Johnson Controls' ICU software, affecting versions prior to 6.9.5. Successful exploitation could allow attackers to execute arbitrary code, posing significant risks to critical infrastructure sectors.

Impact: Johnson Controls ICU versions prior to 6.9.5

In the Wild: No

Age: Discovered recently, reported on April 24, 2025

Remediation: Upgrade ICU to Version 6.9.5 and implement recommended cybersecurity strategies.

Published: 2025-04-24 12:00 UTC

SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding

AI summary not available. Read original article »

Published: 2025-04-24 12:00 UTC

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

AI summary not available. Read original article »

Published: 2025-04-24 11:27 UTC

AI-Powered Polymorphic Phishing Is Changing the Threat Landscape

AI summary not available. Read original article »

Published: 2025-04-24 11:00 UTC

Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

AI summary not available. Read original article »

Published: 2025-04-24 10:30 UTC

FBI: Cybercrime Losses Surpassed $16.6 Billion in 2024

AI summary not available. Read original article »

Published: 2025-04-24 10:14 UTC

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

AI summary not available. Read original article »

Published: 2025-04-24 10:00 UTC

Blue Shield of California Data Breach Impacts 4.7 Million People

AI summary not available. Read original article »

Published: 2025-04-24 08:55 UTC