Toggle navigation
SCADA - ICS - IIoT Security Bootcamp
Cyber Range
Contact
Critical Infrastructure
SecList ICS
Threat landscape for industrial automation systems in Q1 2025
Threat landscape for industrial automation systems in Q4 2024
Security Magazine
The importance of security for power utility substations
Chinese threat actor resided in US electric grid for almost one year
US experiences 47% of global utilities cyberattacks
Internet-exposed HMIs are a risk to water facilities, CISA warns
Software and IT vendors linked to 67% of energy sector breaches
Iranian cyber actors are targeting critical infrastructure entities
Windsor port authority strengthens US-Canada border waterway
Protecting ships from cyber terrorism
Biden administration issues executive order to secure U.S. ports
Cadisha Miceli | Women in Security 2023
CISA MTS Guide may enhance critical infrastructure resilience
DNV appoints Anette Roll Richardsen as Director of Cybersecurity
Ensuring safety on the move: Strengthening security in public transportation
Nearly 1M records related to personal property were exposed
Security experts respond to the Amazon employee data breach
Supply chain cybersecurity and modern-day cargo theft
99% of Global 2000 organizations are linked to a supply chain breach
Data breaches increased throughout 2023
Case Studies
The 2 am call: Preparing for a government cyberattack
Häfele recovers from ransomware attack with new SASE platform
Ride-hailing company, inDrive, uses new platform to prevent fraud
The Old Spaghetti Factory restaurant chain ups network & physical security
K-8 students learn cybersecurity through gamification
Electric company uses SAP monitoring to bolster cybersecurity
Campus collaboration: a security-focused work management platform
Windsor port authority strengthens US-Canada border waterway
From the stone age to cutting edge: A case study on key management
Challenges with mobile apps as a safety solution in K-12 schools
Michigan school district deploys AI gun detection, intelligent situational awareness platform
Murray Community School District deploys gun detection technology
News
Exploits
[remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
[remote] CrushFTP 11.3.1 - Authentication Bypass
[remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
[local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
[local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
[webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
[webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
[local] RDPGuard 9.9.9 - Privilege Escalation
[remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
[local] VirtualBox 7.0.16 - Privilege Escalation
[webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
[webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
[local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
[webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
[webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
[webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
[local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
[local] ZTE ZXV10 H201L - RCE via authentication bypass
[local] Daikin Security Gateway 14 - Remote Password Reset
[local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
[local] unzip-stream 0.3.1 - Arbitrary File Write
[local] Microsoft Windows 11 - Kernel Privilege Escalation
[webapps] WordPress Core 6.2 - Directory Traversal
[remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
[remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
[remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
[local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
[remote] OpenSSH server (sshd) 9.8p1 - Race Condition
[local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
[webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
[webapps] Drupal 11.x-dev - Full Path Disclosure
[webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
[webapps] UJCMS 9.6.3 - User Enumeration via IDOR
[webapps] Inventio Lite 4 - SQL Injection
[remote] Langflow 1.3.0 - Remote Code Execution (RCE)
[webapps] Apache Commons Text 1.10.0 - Remote Code Execution
[webapps] Tatsu 3.3.11 - Unauthenticated RCE
[webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
[local] AnyDesk 9.0.1 - Unquoted Service Path
[webapps] compop.ca 3.5.3 - Arbitrary code Execution
[webapps] Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation
[webapps] Usermin 2.100 - Username Enumeration
[webapps] Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
[hardware] ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal
[hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
[remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
Last 20 Website Defacements - Zone-h
Advisories