remote attack

Siemens’ Industrial Edge Management OS (IEM‑OS) is exposed to a remotely exploitable denial‑of‑service condition tied to the Apache Commons FileUpload library (tracked as CVE‑2025‑48976), and the vendor’s published guidance makes clear that affected IEM‑OS installs — all reported versions — have...

The Indian Computer Emergency Response Team (CERT-In) has recently issued a high-severity advisory concerning multiple vulnerabilities in Microsoft Windows and Office products. These security flaws could potentially allow attackers to gain elevated privileges, access sensitive data, execute...

Here is a summary of the CVE-2025-47978 vulnerability: CVE ID: CVE-2025-47978 Component: Windows Kerberos Type: Denial of Service (DoS) Vulnerability: Out-of-bounds read Attack Vector: An authorized (authenticated) attacker can exploit this vulnerability over a network to cause a denial of...

The Windows Simple Service Discovery Protocol (SSDP) Service has been identified with a critical vulnerability, designated as CVE-2025-47976. This flaw is a use-after-free issue that allows authorized attackers to elevate their privileges locally, potentially gaining SYSTEM-level access...

A critical security vulnerability, identified as CVE-2025-47986, has been discovered in Microsoft's Universal Print Management Service. This flaw allows authorized local attackers to elevate their privileges by exploiting a "use after free" condition within the service. This vulnerability poses...

A newly discovered and actively discussed vulnerability, tracked as CVE-2025-47984, has cast a fresh spotlight on the security posture of Microsoft Windows graphics subsystems. This flaw, categorized as an information disclosure vulnerability in the Windows Graphics Device Interface (GDI)...

In the rapidly evolving world of industrial control systems (ICS), vulnerabilities within automation infrastructure can reverberate far beyond the factory floor, exposing critical manufacturing environments to increasingly sophisticated cyber threats. Recent advisories concerning the FESTO...

In June 2025, a security vulnerability identified as CVE-2025-6556 was disclosed, affecting Google Chrome's Loader component. This flaw, stemming from insufficient policy enforcement, allowed remote attackers to bypass content security policies via crafted HTML pages. While Google Chrome...

The recently disclosed vulnerability in the Vestel AC Charger, identified as CVE-2025-3606, highlights the persistent risks faced by the rapidly growing market for electric vehicle (EV) charging solutions. As electric vehicles become increasingly prevalent worldwide, the infrastructure that...

It probably wasn’t on your 2025 bingo card to revisit a discontinued home automation relic threatened by remote hackers with a penchant for credential snatching, but here we are: the Schneider Electric Wiser Home Controller WHC-5918A is back in the limelight—and not for a firmware upgrade. If...

Original release date: August 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a...

Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and...

I have a user account password on my Windows 10 machine at home and am wondering whether this actually increases security against remote attackers or if it's solely for protecting against local attacks.

Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Microsoft Windows XP and 2000 may also be affected. Overview A critical vulnerability in...

Severity Rating: Important Revision Note: V1.1 (May 29, 2013): Corrected update replacement entries in the Affected Software table for x64-based editions of Windows Server 2008 R2. This is a bulletin change only. There were no changes to detection logic or security update files. Summary: This...

Original release date: April 17, 2013 Systems Affected JDK and JRE 7 Update 17 and earlier JDK and JRE 6 Update 43 and earlier JDK and JRE 5.0 Update 41 and earlier JavaFX 2.2.7 and earlier Overview Oracle has released a Critical Patch Update (CPU) for Java SE.  Oracle strongly...

Original release date: January 08, 2013 | Last revised: February 06, 2013 Systems Affected Microsoft Windows Microsoft Office Microsoft Server Software Microsoft .NET Framework Microsoft Developer Tools Overview Select Microsoft software products contain multiple...

Severity Rating: Important Revision Note: V1.0 (October 9, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote attacker sends a specially...

Severity Rating: Important Revision Note: V1.0 (June 12, 2012): Bulletin published. Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of...