Aggregator

Hitachi Energyが提供するRTU500シリーズには、複数の脆弱性が存在します。

In this Help Net Security interview, Marco Goldberg, Managing Director at EQS Group, discusses how compliance and regulation are evolving worldwide. He talks about how organizations can stay compliant with international rules while keeping their systems practical and user-friendly. Goldberg points out that getting compliance right goes beyond avoiding penalties and helps build trust with customers, partners, and regulators everywhere. If you could design the ideal compliance platform from scratch, how would you merge European … More →

The post Creating a compliance strategy that works across borders appeared first on Help Net Security.

Delta Electronicsが提供するDIALinkには、パストラバーサルの脆弱性が存在します。

A vulnerability classified as problematic has been found in HPE Aruba Networking EdgeConnect SD-WAN Gateway up to 9.4.3.7/9.5.3.6. Affected by this issue is some unknown functionality. This manipulation causes cryptographic issues. The identification of this vulnerability is CVE-2025-37127. The attack can only be executed locally. There is no exploit available.

Новая атака обходит большинство защит и выглядит абсолютно легально.

Apple修复了CVE-2025-43300漏洞，该漏洞存在于ImageIO框架中，可能导致内存损坏。补丁已发布到iOS、iPadOS和macOS的多个版本，并确认被用于特定攻击。

Apple announced it has backported patches for a recently addressed actively exploited vulnerability tracked as CVE-2025-43300. Apple has backported security patches released to address an actively exploited vulnerability tracked as CVE-2025-43300. In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides […]

A vulnerability described as critical has been identified in HPE Aruba Networking EdgeConnect SD-WAN Gateway up to 9.4.3.7/9.5.3.6. Affected by this vulnerability is an unknown functionality of the component Command Line Interface. The manipulation results in improper authentication. This vulnerability was named CVE-2025-37126. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in HPE Aruba Networking EdgeConnect SD-WAN Gateway up to 9.4.3.7/9.5.3.6. Affected is an unknown function of the component Command-Line Interface. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-37123. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in HPE Aruba Networking EdgeConnect SD-WAN Gateway up to 9.4.3.7/9.5.3.6. This impacts an unknown function of the component Web API. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2025-37128. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes relative path traversal. This vulnerability is tracked as CVE-2025-55115. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. This affects an unknown part. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-55116. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in VMware Spring Cloud Gateway Server Webflux up to 3.1.10/4.1.10/4.2.4/4.3.0. This issue affects some unknown processing of the component Actuator Endpoint. This manipulation causes improper neutralization of special elements used in an expression language statement. This vulnerability appears as CVE-2025-41243. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Stager up to 3.1.3 and classified as critical. This affects an unknown function of the component File Parser. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-54262. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. Affected by this issue is some unknown functionality. Performing manipulation results in improper certificate validation. This vulnerability is known as CVE-2025-55109. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. Affected by this vulnerability is an unknown functionality of the component Network Traffic Handler. This manipulation causes use of hard-coded cryptographic key . This vulnerability is registered as CVE-2025-55112. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in HTMLDOC up to 1.9.13. Affected is the function image_load_bmp of the component BMP File Handler. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2021-43579. The attack may be performed from remote. In addition, an exploit is available. Applying a patch is advised to resolve this issue.

文章探讨了数据安全态势管理（DSPM）如何帮助IT服务提供商（MSP和MSSP）通过提供数据驱动的安全服务，在竞争激烈的市场中脱颖而出。DSPM整合了自动化数据发现、分类、访问控制和持续监控功能，帮助提供商提升客户信任、降低流失率，并实现合规性与运营效率的提升。通过Cavelo等解决方案，服务提供商能够快速部署、统一管理多租户环境，并为客户提供实时风险洞察和审计支持。

Discover how DSPM helps MSSPs prove value, reduce churn, and strengthen client trust with proactive, data-centric security.

The post How DSPM Helps MSSPs Prove Value to Clients and Reduce Churn appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.1.1. It has been classified as critical. This affects the function usb_endpoints of the file drivers/usb/core/urb.c. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2022-50297. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.