SCADA - ICS - IIoT Security Bootcamp
Cyber Range
Contact
Critical Infrastructure
SecList ICS
Threat landscape for industrial automation systems in Q1 2025
Threat landscape for industrial automation systems in Q4 2024
Security Magazine
Physical Security Measures That Respect Constitutional Rights
The importance of security for power utility substations
Chinese threat actor resided in US electric grid for almost one year
US experiences 47% of global utilities cyberattacks
Internet-exposed HMIs are a risk to water facilities, CISA warns
Software and IT vendors linked to 67% of energy sector breaches
Integrating Mass Notification with Video Surveillance in Airports
Windsor port authority strengthens US-Canada border waterway
Protecting ships from cyber terrorism
Biden administration issues executive order to secure U.S. ports
Cadisha Miceli | Women in Security 2023
CISA MTS Guide may enhance critical infrastructure resilience
Jewel Singh: Protecting Women At All Levels of an Organization
How Intelligent Video Surveillance Boosts Fleet Operations with Immediate and Long-Term Benefits
Manufacturing Security: It’s All About the Details
Ensuring safety on the move: Strengthening security in public transportation
Nearly 1M records related to personal property were exposed
Security experts respond to the Amazon employee data breach
Case Studies
The 2 am call: Preparing for a government cyberattack
Häfele recovers from ransomware attack with new SASE platform
Ride-hailing company, inDrive, uses new platform to prevent fraud
The Old Spaghetti Factory restaurant chain ups network & physical security
K-8 students learn cybersecurity through gamification
Electric company uses SAP monitoring to bolster cybersecurity
Pennsylvania School District Adopts AI-Driven Gun Detection Technology
Protecting 14 Campuses, All With Different Needs
Campus collaboration: a security-focused work management platform
Windsor port authority strengthens US-Canada border waterway
From the stone age to cutting edge: A case study on key management
Challenges with mobile apps as a safety solution in K-12 schools
News
Exploits
[webapps] Discourse 3.2.x - Anonymous Cache Poisoning
[webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
[remote] Microsoft Outlook - Remote Code Execution (RCE)
[local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
[local] Sudo 1.9.17 Host Option - Elevation of Privilege
[remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
[local] Sudo chroot 1.9.17 - Local Privilege Escalation
[remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
[webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
[remote] Microsoft SharePoint 2019 - NTLM Authentication
[remote] gogs 0.13.0 - Remote Code Execution (RCE)
[remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
[webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
[remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
[webapps] Sitecore 10.4 - Remote Code Execution (RCE)
[remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
[remote] freeSSHd 1.0.9 - Denial of Service (DoS)
[webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
[remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
[remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
[remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
[local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
[remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
[webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
[remote] WebDAV Windows 10 - Remote Code Execution (RCE)
[remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
[local] Microsoft Excel Use After Free - Local Code Execution
[webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
[remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
[local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
[webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
[webapps] Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
[remote] PCMan FTP Server 2.0.7 - Buffer Overflow
[remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
[webapps] Roundcube 1.6.10 - Remote Code Execution (RCE)
[remote] Freefloat FTP Server 1.0 - Remote Buffer Overflow
[local] TightVNC 2.8.83 - Control Pipe Manipulation
[remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
[local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
[webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
[remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
[remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
[local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
[remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
[webapps] CloudClassroom PHP Project 1.0 - SQL Injection
[remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
Last 20 Website Defacements - Zone-h
Advisories