Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems in Q4 2025
• Anatomy of a Cyber World Global Report 2026

Security Magazine

• Security Experts Discuss Validity of Handala’s Cal Water Hacking Claim
• Why Are People Entering NYC’s Sewers at Night?
• Why Energy Infrastructure Is Cybersecurity’s Next Frontier
• When Metal Theft Becomes a Life Safety Crisis
• Venice Hydraulic Pump System Hacked, Hackers Claim Power to Create Floods
• Iranian-Linked Cyber Actors Target US Critical Infrastructure, Security Leaders Respond

• No More Failures of Imagination: Future Proofing Airport Employee Screening
• Security Leaders Discuss Cyberattack on American Airlines Subsidiary
• Cyberattack Disrupts European Airports, Security Leaders Respond
• Integrating Mass Notification with Video Surveillance in Airports
• Windsor port authority strengthens US-Canada border waterway
• Protecting ships from cyber terrorism

• Critical Crossings: Securing Bridges and Tunnels
• Inside the Modern Warehouse: Securing the World’s New Front Door
• Pro-Iranian Actor Claims L.A. Metro Cyberattack
• Airport Security Challenges in the Midst of the DHS Shutdown
• From Farm to Table: Securing the Future of Agriculture with Innovative Technology
• Layered Secure Entrances Strengthen Warehouse and Supply Chain Security

Case Studies

• The 2 am call: Preparing for a government cyberattack
• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity

• Thornton Township High School District Implements ZeroEyes
• Transforming Higher Ed Safety and Efficiency with Cloud-Based Access Control
• Pennsylvania School District Adopts AI-Driven Gun Detection Technology
• Protecting 14 Campuses, All With Different Needs
• Campus collaboration: a security-focused work management platform
• Windsor port authority strengthens US-Canada border waterway

News

Exploits

• [webapps] OpenEMR 7.0.2 - Arbitrary File Read
• [webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
• [webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
• [webapps] WordPress OrderConvo 14 - Path Traversal
• [remote] Notepad++ 8.9.6 - Arbitrary Code Execution
• [webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
• [webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
• [webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
• [remote] Microsoft - NTLMv2 Hash Capture
• [webapps] MikroORM 7.0.13 - SQL Injection
• [webapps] Prodigy Commerce 3.3.0 - Local File Inclusion
• [webapps] Langflow 1.3.0 - Remote Code Execution
• [webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
• [local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
• [local] ZTE Routers - Unauthenticated Denial of Service
• [local] ZTE ZXHN H188A V6 - Authentication Bypass
• [local] ZTE H298A / H108N - Unauthenticated Credential Exposure
• [local] Linux Kernel - Local Privilege Escalation
• [webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
• [remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
• [webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
• [remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
• [dos] strongSwan 5.9.13 - DoS
• [local] Linux Kernel - Local Privilege Escalation
• [webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
• [webapps] EspoCRM 9.3.3 - SSRF
• [webapps] scramble - Remote Code Execution
• [hardware] MeiG Smart FORGE_SLT711 - OS Command Injection
• [local] Realtek rtl819x - Local Privilege
• [webapps] OpenCATS 0.9.7.4 - SQL Injection
• [webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution
• [webapps] Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
• [hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure
• [webapps] Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
• [webapps] cPanel - CRLF Injection
• [local] Linux Kernel 6.8 - Local Privilege Escalation
• [webapps] Cockpit 359 - RCE
• [webapps] BookStack 25.12.1 - Denial of Service
• [local] Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
• [webapps] solaredge - (CSRF-OOB-Injection)
• [webapps] FUXA 1.2.9 - RCE
• [local] Windows Snipping Tool - NTLMv2 Hash Hijack
• [local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
• [local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
• [webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
• [webapps] Apache HertzBeat 1.8.0 - Remote Code Execution

Last 20 Website Defacements - Zone-h

Advisories