Our news
-
Vulnerability Summary for the Week of August 25, 2025
High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source Info). 1000projects–Online Project Report Submission and Evaluation System: A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to SQL injection. The attack
-
CISA Shares Lessons Learned from an Incident Response Engagement
Advisory at a Glance. Executive Summary: CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response (EDR) tool. CISA identified three lessons learned from the engagement that illuminate how to effectively mitigate
-
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Executive summary: People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised
-

The Road Map to Illinois Being a Centralizing Force in Cyber Security
Illinois is known as the transportation hub of the United States, utilizing Chicago and its geographical center in America. In 2019, the State of Illinois made a major push through the budget to fund large investments in data centers around northern Illinois. The state’s investment in its infrastructure, bolstered by House Bill 3293 (HB 3293),
-

Session Hijacking
There are many different types of session hijacking, including session fixation, man-in-the-middle attacks, and active session hijacking. In active session hijacking, an attacker takes over a live session by stealing the session ID while the victim is already logged in. This can be done through methods such as network sniffing or cross-site scripting. The goal
-

When AI Imitates the Voice of Someone You Trust
Imagine getting a call from someone who sounds exactly like your wife, boss, or grandson. They are in trouble and need your help. But here’s the trick: it’s not them. It is artificial intelligence (AI). According to the Identity Theft Resource Center (ITRC), the number of AI-based frauds has increased by 148 percent this year.
-

Caller ID Spoofing
There are many different types of spoofing, from email spoofing to caller spoofing. The purpose behind spoofing is to deceive a system or person by impersonating a trusted source. The goal could be a variety of things, such as gaining unauthorized access, stealing information, bypassing security controls, delivering malware, performing fraud, and more. Description: Caller
-
Vulnerability Summary for the Week of August 11, 2025
High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source Info). 1000 Projects–Sales Management System: A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to SQL injection. The attack can be initiated remotely. The exploit has been
-
CISA Releases Thirty-Two Industrial Control Systems Advisories
CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager; ICSA-25-226-02 Siemens COMOS; ICSA-25-226-03 Siemens Engineering Platforms; ICSA-25-226-04 Siemens Simcenter Femap; ICSA-25-226-05 Siemens Wibu CodeMeter Runtime; ICSA-25-226-06 Siemens Opcenter Quality; ICSA-25-226-07 Siemens Third-Party Components in SINEC OS; ICSA-25-226-08 Siemens RUGGEDCOM CROSSBOW
-
CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies. An asset inventory is a regularly updated, structured list of an