Toggle navigation
SCADA - ICS - IIoT Security Bootcamp
Cyber Range
Contact
Critical Infrastructure
SecList ICS
Threat landscape for industrial automation systems. Q1 2026
Threat landscape for industrial automation systems in Q4 2025
Security Magazine
Security Experts Discuss Validity of Handala’s Cal Water Hacking Claim
Why Are People Entering NYC’s Sewers at Night?
Why Energy Infrastructure Is Cybersecurity’s Next Frontier
When Metal Theft Becomes a Life Safety Crisis
Venice Hydraulic Pump System Hacked, Hackers Claim Power to Create Floods
Iranian-Linked Cyber Actors Target US Critical Infrastructure, Security Leaders Respond
No More Failures of Imagination: Future Proofing Airport Employee Screening
Security Leaders Discuss Cyberattack on American Airlines Subsidiary
Cyberattack Disrupts European Airports, Security Leaders Respond
Integrating Mass Notification with Video Surveillance in Airports
Windsor port authority strengthens US-Canada border waterway
Protecting ships from cyber terrorism
Critical Crossings: Securing Bridges and Tunnels
Inside the Modern Warehouse: Securing the World’s New Front Door
Pro-Iranian Actor Claims L.A. Metro Cyberattack
Airport Security Challenges in the Midst of the DHS Shutdown
From Farm to Table: Securing the Future of Agriculture with Innovative Technology
Layered Secure Entrances Strengthen Warehouse and Supply Chain Security
Case Studies
The 2 am call: Preparing for a government cyberattack
Häfele recovers from ransomware attack with new SASE platform
Ride-hailing company, inDrive, uses new platform to prevent fraud
The Old Spaghetti Factory restaurant chain ups network & physical security
K-8 students learn cybersecurity through gamification
Electric company uses SAP monitoring to bolster cybersecurity
Thornton Township High School District Implements ZeroEyes
Transforming Higher Ed Safety and Efficiency with Cloud-Based Access Control
Pennsylvania School District Adopts AI-Driven Gun Detection Technology
Protecting 14 Campuses, All With Different Needs
Campus collaboration: a security-focused work management platform
Windsor port authority strengthens US-Canada border waterway
News
Exploits
[webapps] Krayin CRM v2.2.x - Authenticated Remote Code Execution
[webapps] Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
[webapps] Langflow 1.9.0 - RCE
[webapps] Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
[webapps] MCPJam Inspector - Remote Code Execution
[local] ProtonVPN v4.4.1 - Unquoted Service Path
[webapps] Flowise 3.1.3 - arbitrary code execution
[remote] Hydra - Stack Buffer Overflow
[webapps] Discuz! X5.0 - Authentication Bypass
[webapps] Tenable Nessus 10.12.1 - SQL Injection
[webapps] WordPress Bricks Builder Theme - RCE
[remote] iOS Bluetooth PAN Exploit - Ethernet Gateway without Adapter
[webapps] Joomla Extension 4.1.4 - PHP Object injection
[webapps] Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
[local] MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
[webapps] KeepInMind 0.8.4.2 - Stored XSS
[webapps] KNX visualisering - Broken Access Control
[local] Windows Defender (MsMpEng.exe) - Race Condition
[webapps] WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
[webapps] OpenEMR 7.0.2 - Arbitrary File Read
[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
[webapps] WordPress OrderConvo 14 - Path Traversal
[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
[remote] Microsoft - NTLMv2 Hash Capture
[webapps] MikroORM 7.0.13 - SQL Injection
[webapps] Prodigy Commerce 3.3.0 - Local File Inclusion
[webapps] Langflow 1.3.0 - Remote Code Execution
[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
[local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
[local] ZTE Routers - Unauthenticated Denial of Service
[local] ZTE ZXHN H188A V6 - Authentication Bypass
[local] ZTE H298A / H108N - Unauthenticated Credential Exposure
[local] Linux Kernel - Local Privilege Escalation
[webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
[webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
[remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
[dos] strongSwan 5.9.13 - DoS
[local] Linux Kernel - Local Privilege Escalation
[webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
[webapps] EspoCRM 9.3.3 - SSRF
[webapps] scramble - Remote Code Execution
Last 20 Website Defacements - Zone-h
Advisories