Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems in Q4 2025
• Anatomy of a Cyber World Global Report 2026

Security Magazine

• Why Energy Infrastructure Is Cybersecurity’s Next Frontier
• When Metal Theft Becomes a Life Safety Crisis
• Venice Hydraulic Pump System Hacked, Hackers Claim Power to Create Floods
• Iranian-Linked Cyber Actors Target US Critical Infrastructure, Security Leaders Respond
• Nuclear Facility Cyberattack Investigated as Possible Iranian Exploit
• Grid Protection in Severe Weather: What Security Leaders Need to Know

• No More Failures of Imagination: Future Proofing Airport Employee Screening
• Security Leaders Discuss Cyberattack on American Airlines Subsidiary
• Cyberattack Disrupts European Airports, Security Leaders Respond
• Integrating Mass Notification with Video Surveillance in Airports
• Windsor port authority strengthens US-Canada border waterway
• Protecting ships from cyber terrorism

• Inside the Modern Warehouse: Securing the World’s New Front Door
• Pro-Iranian Actor Claims L.A. Metro Cyberattack
• Airport Security Challenges in the Midst of the DHS Shutdown
• From Farm to Table: Securing the Future of Agriculture with Innovative Technology
• Layered Secure Entrances Strengthen Warehouse and Supply Chain Security
• How Air Travel Became Safer Through Cashless Service

Case Studies

• The 2 am call: Preparing for a government cyberattack
• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity

• Transforming Higher Ed Safety and Efficiency with Cloud-Based Access Control
• Pennsylvania School District Adopts AI-Driven Gun Detection Technology
• Protecting 14 Campuses, All With Different Needs
• Campus collaboration: a security-focused work management platform
• Windsor port authority strengthens US-Canada border waterway
• From the stone age to cutting edge: A case study on key management

News

Exploits

• [remote] telnetd 2.7 - Buffer Overflow
• [webapps] Ghost CMS 6.19.0 - SQLi
• [webapps] LuaJIT 2.1.1774638290 - Arbitrary Code Execution
• [webapps] Bludit CMS 3.18.4 - RCE
• [local] NocoBase 2.0.27 - VM Sandbox Escape
• [webapps] ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)
• [local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation
• [local] Linux nf_tables 6.19.3 - Local Privilege Escalation
• [hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
• [webapps] MindsDB 25.9.1.1 - Path Traversal
• [local] Windows 11 24H2 - Local Privilege Escalation
• [webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
• [webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit
• [webapps] Python-Multipart 0.0.22 - Path Traversal
• [local] Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
• [local] Windows 11 23H2 - Denial of Service (DoS)
• [webapps] Repetier-Server 1.4.10 - Path Traversal
• [webapps] HUSTOJ Zip-Slip v26.01.24 - RCE
• [webapps] BusyBox 1.37.0 - Path Traversal
• [local] Windows 11 25H2 - Heap Overflow
• [webapps] JUNG Smart Visu Server 1.1.1050 - Dos
• [webapps] SumatraPDF 3.5.2 - Remote Code Execution
• [webapps] NiceGUI 3.6.1 - Path Traversal
• [webapps] Frigate NVR 0.16.3 - Remote Code Execution
• [webapps] Js2Py 0.74 - RCE
• [webapps] Camaleon CMS v2.9.0 - Path Traversal
• [webapps] Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection
• [webapps] Erugo 0.2.14 - Remote Code Execution (RCE)
• [webapps] deephas 1.0.7 - Prototype Pollution
• [webapps] SUSE Manager 4.3.15 - Code Execution
• [webapps] HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
• [webapps] Craft CMS 5.6.16 - RCE
• [local] GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
• [webapps] phpMyFAQ 4.0.16 - Improper Authorization
• [webapps] GeographicLib v2.5.1 - stack buffer overflow
• [local] OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)
• [webapps] OpenKM 6.3.12 - Multiple
• [webapps] GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)
• [webapps] JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution
• [webapps] FacturaScripts 2025.43 - XSS
• [webapps] Xibo CMS 4.3.0 - RCE via SSTI
• [local] Fedora - Local Privilege Escalation
• [webapps] LangChain Core 1.2.4 - SSTI/RCE
• [local] Atlona ATOMERX21 - Authenticated Command Injection
• [local] Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
• [webapps] WordPress Plugin 5.2.0 - Broken Access Control

Last 20 Website Defacements - Zone-h

Advisories