Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems in Q2 2025
• Notes of cyber inspector: three clusters of threat in cyberspace

Security Magazine

• Iran’s Cyber Playbook: What US Critical Infrastructure Needs to Be Doing Right Now
• Hacktivism Increasingly Targeting Critical Infrastructure
• Physical Security Measures That Respect Constitutional Rights
• The importance of security for power utility substations
• Chinese threat actor resided in US electric grid for almost one year
• US experiences 47% of global utilities cyberattacks

• Cyberattack Disrupts European Airports, Security Leaders Respond
• Integrating Mass Notification with Video Surveillance in Airports
• Windsor port authority strengthens US-Canada border waterway
• Protecting ships from cyber terrorism
• Biden administration issues executive order to secure U.S. ports
• Cadisha Miceli | Women in Security 2023

• Layered Secure Entrances Strengthen Warehouse and Supply Chain Security
• How Air Travel Became Safer Through Cashless Service
• No Smoke, Just Signals: Iris Recognition for Cannabis Compliance
• Scattered Spider’s Newest Targets: Transportation and Airlines
• The Future of Public Transit: Leveraging AI Analytics for Enhanced Operations and Passenger Experience
• Jewel Singh: Protecting Women At All Levels of an Organization

Case Studies

• The 2 am call: Preparing for a government cyberattack
• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity

• Transforming Higher Ed Safety and Efficiency with Cloud-Based Access Control
• Pennsylvania School District Adopts AI-Driven Gun Detection Technology
• Protecting 14 Campuses, All With Different Needs
• Campus collaboration: a security-focused work management platform
• Windsor port authority strengthens US-Canada border waterway
• From the stone age to cutting edge: A case study on key management

News

Exploits

• [remote] GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
• [local] GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
• [webapps] StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
• [remote] Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
• [webapps] Lingdang CRM 8.6.4.7 - SQL Injection
• [webapps] Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
• [remote] Tenda AC20 16.03.08.12 - Command Injection
• [webapps] Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
• [webapps] Soosyze CMS 2.0 - Brute Force Login
• [remote] Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
• [remote] PHPMyAdmin 3.0 - Bruteforce Login Bypass
• [webapps] RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
• [webapps] BigAnt Office Messenger 5.6.06 - SQL Injection
• [webapps] JetBrains TeamCity 2023.11.4 - Authentication Bypass
• [webapps] ServiceNow Multiple Versions - Input Validation & Template Injection
• [webapps] Ghost CMS 5.59.1 - Arbitrary File Read
• [webapps] Ghost CMS 5.42.1 - Path Traversal
• [remote] Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
• [webapps] VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
• [remote] Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)
• [remote] Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
• [webapps] Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
• [webapps] Grav CMS 1.7.48 - Remote Code Execution (RCE)
• [remote] Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure
• [webapps] atjiu pybbs 6.0.0 - Cross Site Scripting (XSS)
• [local] Microsoft Windows - Storage QoS Filter Driver Checker
• [webapps] projectworlds Online Admission System 1.0 - SQL Injection
• [remote] Cisco ISE 3.0 - Authorization Bypass
• [remote] Cisco ISE 3.0 - Remote Code Execution (RCE)
• [local] Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
• [webapps] Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
• [remote] Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
• [webapps] LPAR2RRD 8.04 - Remote Code Execution (RCE)
• [webapps] Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
• [remote] Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
• [webapps] Gandia Integra Total 4.4.2236.1 - SQL Injection
• [webapps] Adobe ColdFusion 2023.6 - Remote File Read
• [local] Linux PAM Environment - Variable Injection Local Privilege Escalation
• [webapps] Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)
• [webapps] XWiki 14 - SQL Injection via getdeleteddocuments.vm
• [webapps] Invision Community 4.7.20 - (calendar/view.php) SQL Injection
• [dos] Xlight FTP 1.1 - Denial Of Service (DOS)
• [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
• [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function
• [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages
• [webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

Last 20 Website Defacements - Zone-h

Advisories