Security & IT News

AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers

Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.

Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-141-05.json strong View CSAF /strong /a /p h2 Summary /h2 p strong ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash memory to alter the firmware behavior. /strong /p p The following versions of ABB Terra AC Wallbox are affected: /p ul li Terra AC wallbox (JP) lt;=1.8.33, 1.8.36 (CVE-2025-10504, CVE-2025-12142, CVE-2025-12143) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 6.1 /td td ABB /td td ABB Terra AC Wallbox /td td Heap-based Buffer Overflow, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-10504 /a /h3 div class= csaf-accordion-content p There is potential risk to pollute the memory when developing apps which has used to communicate with charger according to self-defined protocol if developers don’t strictly follow the field length which has not been validated in firmware. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-10504 View CVE Details /a /p hr h4 Affected Products /h4 h5 ABB Terra AC Wallbox /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br ABB /div div class= ics-version strong Product Version: /strong br ABB Terra AC wallbox (JP) lt;=1.8.33 /div div class= ics-status strong Product Status: /strong br fixed, known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Vendor fix /strong br The problem is corrected in the following product version; apply the following update depending on product variant: Terra AC wallbox (JP) 1.8.36 ABB recommends that customers apply the update at earliest convenience. /p p strong Mitigation /strong br To attack with this kind of message, hackers must hijack Bluetooth first and then can send messages. Because the communication messages between BLE and charger have been encrypted. In theory, there is no way to attack the charger. /p /div p strong Relevant CWE: /strong a href= https://cwe.mitre.org/data/definitions/122.html CWE-122 Heap-based Buffer Over

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-141-01.json strong View CSAF /strong /a /p h2 Summary /h2 p strong Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. For immediate mitigation /workaround information, please refer to the General Mitigation Factors/Workarounds /strong /p p The following versions of Hitachi Energy GMS600 are affected: /p ul li GMS600 vers:GMS600/ gt;=1.3.0| lt;=1.3.1 (CVE-2022-4304) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 5.9 /td td Hitachi Energy /td td Hitachi Energy GMS600 /td td Observable Discrepancy /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2022-4304 /a /h3 div class= csaf-accordion-content p A timing-based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. /p p a href= https://www.cve.org/CVERecord?id=CVE-2022-4304 View CVE Details /a /p hr h4 Affected Products /h4 h5 Hitachi Energy GMS600 /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br Hitachi Energy /div div class= ics-version strong Product Version: /strong

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-141-03.json strong View CSAF /strong /a /p h2 Summary /h2 p strong ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component. Although no successful exploitation was observed during testing of the affected B amp;R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution. /strong /p p The following versions of ABB B amp;R Automation Studio are affected: /p ul li B amp;R Automation Studio lt;6.5, 6.5 (CVE-2025-6965, CVE-2025-3277, CVE-2023-7104, CVE-2022-35737, CVE-2020-15358, CVE-2020-13632, CVE-2020-13631, CVE-2020-13630, CVE-2020-13435, CVE-2020-13434, CVE-2020-11656, CVE-2020-11655, CVE-2019-19646, CVE-2019-19645, CVE-2019-8457, CVE-2018-20506, CVE-2018-20505, CVE-2018-20346, CVE-2018-8740, CVE-2017-10989, CVE-2016-6153, CVE-2015-6607, CVE-2015-5895, CVE-2015-3717, CVE-2015-3416) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 9.8 /td td ABB /td td ABB B amp;R Automation Studio /td td Numeric Truncation Error, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, NULL Pointer Dereference, Incorrect User Management, Use After Free, Integer Overflow or Wraparound, Improper Check for Unusual or Exceptional Conditions, Uncontrolled Recursion, Out-of-bounds Read, Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-6965 /a /h3 div class= csaf-accordion-content p There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-6965 View CVE Details /a /p hr h4 Affected Products /h4 h5 ABB B amp;R Automation Studio /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br ABB /div div class= ics-version strong Product Version: /strong br ABB B amp;R Automation Studio lt;6.5 /d

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-141-02.json strong View CSAF /strong /a /p h2 Summary /h2 p strong ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. /strong /p p The following versions of ABB B amp;R PCs are affected: /p ul li APC4100 lt;1.09, 1.09 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li APC910 lt;=1.25 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li C80 lt;1.14, 1.14 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li MPC3100 lt;1.24, 1.24 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li PPC1200 lt;1.14, 1.14 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li PPC900 lt;2.16, 2.16 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li APC2200 lt;1.35, 1.35 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li PPC2200 lt;1.35, 1.35 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li APC3100 lt;1.45, 1.45 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li li PPC3100 lt;1.45, 1.45 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 8.3 /td td ABB /td td ABB B amp;R PCs /td td Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Loop with Unreachable Exit Condition ('Infinite Loop'), Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy /li li stro

p a href= https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-141-04.json strong View CSAF /strong /a /p h2 Summary /h2 p strong An update is available that resolves a vulnerability identified by B amp;Rs internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could take over a remote session or execute code in the context of the user’s browser session. /strong /p p The following versions of ABB B amp;R Automation Runtime are affected: /p ul li Automation Runtime lt;6.4, 6.4 (CVE-2025-3449, CVE-2025-3448, CVE-2025-11498) /li /ul div class= csaf-table table class= tablesaw tablesaw-stack data-tablesaw-mode= stack data-tablesaw-minimap thead tr th role= columnheader data-tablesaw-priority= persist CVSS /th th role= columnheader Vendor /th th role= columnheader Equipment /th th role= columnheader Vulnerabilities /th /tr /thead tbody tr td v3 6.1 /td td B amp;R /td td ABB B amp;R Automation Runtime /td td Generation of Predictable Numbers or Identifiers, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Formula Elements in a CSV File /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Switzerland /li /ul hr h2 Vulnerabilities /h2 div class= csaf-accordion p a class= csaf-accordion-toggle-all href= # Expand All + /a /p div class= csaf-accordion-item h3 a class= csaf-accordion-toggle href= # CVE-2025-3449 /a /h3 div class= csaf-accordion-content p A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B amp;R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions. /p p a href= https://www.cve.org/CVERecord?id=CVE-2025-3449 View CVE Details /a /p hr h4 Affected Products /h4 h5 ABB B amp;R Automation Runtime /h5 div class= ics-vendor-version-status div class= ics-vendor strong Vendor: /strong br B amp;R /div div class= ics-version strong Product Version: /strong br Automation Runtime lt;6.4 /div div class= ics-status strong Product Status: /strong br fixed, known_affected /div /div div class= ics-remediations h6 Remediations /h6 p strong Vendor fix /strong br The problem is corrected in Automation Runtime 6.4. The System Diagnostic Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended be enabled on active systems located outside properly secured production networks or in facilities lacking adequate physical and logical access controls to prevent any form of unauthorized interaction. For customers who use SDM on their systems, B amp;R recommends applying the update based on risk assessment at the earliest convenience. The process to install updates is described in the

p CISA has added two new vulnerabilities to its a href= /known-exploited-vulnerabilities-catalog data-entity-type= node data-entity-uuid= 79453b83-86b9-4e2f-b1ec-abf73c6eb291 data-entity-substitution= canonical title= Known Exploited Vulnerabilities Catalog Known Exploited Vulnerabilities (KEV) Catalog /a , based on evidence of active exploitation. /p ul li a href= https://www.cve.org/CVERecord?id=CVE-2025-34291 target= _blank CVE-2025-34291 /a Langflow Origin Validation Error Vulnerability /li li a href= https://www.cve.org/CVERecord?id=CVE-2026-34926 target= _blank CVE-2026-34926 /a Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability /li /ul p These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. /p p a href= https://www.cisa.gov/binding-operational-directive-22-01 Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities /a established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the a href= https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf BOD 22-01 Fact Sheet /a for more information. /p p Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of a href= /known-exploited-vulnerabilities-catalog data-entity-type= node data-entity-uuid= 79453b83-86b9-4e2f-b1ec-abf73c6eb291 data-entity-substitution= canonical title= Known Exploited Vulnerabilities Catalog KEV Catalog vulnerabilities /a as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the a href= https://www.cisa.gov/known-exploited-vulnerabilities specified criteria /a . nbsp; /p

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI

The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts.

Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills.

Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud

Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users.

Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack

On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack. [...]