Our news

Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies.   This advisory details a Russian state-sponsored cyber espionage-oriented campaign targeting technology companies and logistics entities, including those involved in the coordination, transport, and

READ MORE →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info admintwentytwenty–UiPress lite | Effortless custom dashboards, admin themes and pages The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is

READ MORE →

CISA released twenty-two Industrial Control Systems (ICS) advisories on May 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-135-01 Siemens RUGGEDCOM APE1808 Devices ICSA-25-135-02 Siemens INTRALOG WMS ICSA-25-135-03 Siemens BACnet ATEC Devices ICSA-25-135-04 Siemens Desigo ICSA-25-135-05 Siemens SIPROTEC and SICAM ICSA-25-135-06 Siemens Teamcenter Visualization ICSA-25-135-07 Siemens IPC

READ MORE →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘start_restore’ function

READ MORE →

Starting May 12, CISA is changing how we announce cybersecurity updates and the release of new guidance. These announcements will only be shared through CISA social media platforms, email, and RSS feeds and will no longer be listed on our Cybersecurity Alerts & Advisories webpage.   The focus of our Cybersecurity Alerts & Advisories webpage will

READ MORE →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Novel-Plus–Novel-Plus A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed

READ MORE →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept  Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file containing the run’s GITHUB_TOKEN.

READ MORE →

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source Info apple — macos A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in

READ MORE →