Toggle navigation
SCADA - ICS - IIoT Security Bootcamp
Cyber Range
Contact
Critical Infrastructure
SecList ICS
Threat landscape for industrial automation systems in Q3 2024
Threat landscape for industrial automation systems, Q2 2024
Security Magazine
US experiences 47% of global utilities cyberattacks
Internet-exposed HMIs are a risk to water facilities, CISA warns
Software and IT vendors linked to 67% of energy sector breaches
Iranian cyber actors are targeting critical infrastructure entities
Security experts discuss the American Water cyberattack
80% of critical infrastructure entities affected by email breaches
Windsor port authority strengthens U.S.-Canada border waterway
Protecting ships from cyber terrorism
Biden administration issues executive order to secure U.S. ports
Cadisha Miceli | Women in Security 2023
CISA MTS Guide may enhance critical infrastructure resilience
DNV appoints Anette Roll Richardsen as Director of Cybersecurity
Security experts respond to the Amazon employee data breach
Supply chain cybersecurity and modern-day cargo theft
99% of Global 2000 organizations are linked to a supply chain breach
Data breaches increased throughout 2023
Kristine Raad joins General Motors as Chief Security Officer
A new report discusses emerging global threats
Case Studies
The 2 am call: Preparing for a government cyberattack
Häfele recovers from ransomware attack with new SASE platform
Ride-hailing company, inDrive, uses new platform to prevent fraud
The Old Spaghetti Factory restaurant chain ups network & physical security
K-8 students learn cybersecurity through gamification
Electric company uses SAP monitoring to bolster cybersecurity
Windsor port authority strengthens U.S.-Canada border waterway
From the stone age to cutting edge: A case study on key management
Challenges with mobile apps as a safety solution in K-12 schools
Michigan school district deploys AI gun detection, intelligent situational awareness platform
Murray Community School District deploys gun detection technology
Virginia public school district deploys AI gun detection platform
News
Exploits
[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] openSIS 9.1 - SQLi (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] NoteMark < 0.13.0 - Stored XSS
[webapps] Gitea 1.22.0 - Stored XSS
[webapps] Invesalius3 - Remote Code Execution
[dos] Windows TCP/IP - RCE Checker and Denial of Service
[webapps] Aurba 501 - Authenticated RCE
[webapps] HughesNet HT2000W Satellite Modem - Password Reset
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
[webapps] Helpdeskz v2.0.2 - Stored XSS
[webapps] Calibre-web 0.6.21 - Stored XSS
[webapps] Devika v1 - Path Traversal via 'snapshot_path'
[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
[local] Oracle Database 12c Release 1 - Unquoted Service Path
[webapps] Ivanti vADC 9.9 - Authentication Bypass
[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
[webapps] Microweber 2.0.15 - Stored XSS
[webapps] Customer Support System 1.0 - Stored XSS
[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
[webapps] Boelter Blue System Management 1.3 - SQL Injection
[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
[webapps] XMB 1.9.12.06 - Stored XSS
[webapps] Carbon Forum 5.9.0 - Stored XSS
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
[webapps] Dotclear 2.29 - Remote Code Execution (RCE)
[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
Last 20 Website Defacements - Zone-h
Advisories