Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems in Q3 2025
• Yet another DCOM object for lateral movement

Security Magazine

• Nuclear Facility Cyberattack Investigated as Possible Iranian Exploit
• Grid Protection in Severe Weather: What Security Leaders Need to Know
• High Water Mark: CISA Shares Foundations for Effective Cybersecurity and Risk Management
• From Farm to Table: Securing the Future of Agriculture with Innovative Technology
• Iran’s Cyber Playbook: What US Critical Infrastructure Needs to Be Doing Right Now
• Hacktivism Increasingly Targeting Critical Infrastructure

• No More Failures of Imagination: Future Proofing Airport Employee Screening
• Security Leaders Discuss Cyberattack on American Airlines Subsidiary
• Cyberattack Disrupts European Airports, Security Leaders Respond
• Integrating Mass Notification with Video Surveillance in Airports
• Windsor port authority strengthens US-Canada border waterway
• Protecting ships from cyber terrorism

• Airport Security Challenges in the Midst of the DHS Shutdown
• From Farm to Table: Securing the Future of Agriculture with Innovative Technology
• Layered Secure Entrances Strengthen Warehouse and Supply Chain Security
• How Air Travel Became Safer Through Cashless Service
• No Smoke, Just Signals: Iris Recognition for Cannabis Compliance
• Scattered Spider’s Newest Targets: Transportation and Airlines

Case Studies

• The 2 am call: Preparing for a government cyberattack
• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity

• Transforming Higher Ed Safety and Efficiency with Cloud-Based Access Control
• Pennsylvania School District Adopts AI-Driven Gun Detection Technology
• Protecting 14 Campuses, All With Different Needs
• Campus collaboration: a security-focused work management platform
• Windsor port authority strengthens US-Canada border waterway
• From the stone age to cutting edge: A case study on key management

News

Exploits

• [webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
• [webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
• [webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
• [webapps] WeGIA 3.5.0 - SQL Injection
• [webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
• [webapps] motionEye 0.43.1b4 - RCE
• [remote] Windows 10.0.17763.7009 - spoofing vulnerability
• [local] glibc 2.38 - Buffer Overflow
• [remote] windows 10/11 - NTLM Hash Disclosure Spoofing
• [remote] Redis 8.0.2 - RCE
• [webapps] OctoPrint 1.11.2 - File Upload
• [remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
• [webapps] aiohttp 3.9.1 - directory traversal PoC
• [webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
• [local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
• [webapps] Piranha CMS 12.0 - Stored XSS in Text Block
• [webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
• [hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
• [webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
• [webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
• [webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution
• [webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
• [webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
• [webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
• [webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
• [webapps] esm-dev 136 - Path Traversal
• [webapps] Pluck 4.7.7-dev2 - PHP Code Execution
• [webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
• [webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
• [webapps] MaNGOSWebV4 4.0.6 - Reflected XSS
• [webapps] Django 5.1.13 - SQL Injection
• [webapps] phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
• [webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
• [webapps] phpIPAM 1.4 - SQL-Injection
• [webapps] OpenRepeater 2.1 - OS Command Injection
• [webapps] phpMyAdmin 5.0.0 - SQL Injection
• [webapps] RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
• [webapps] RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
• [webapps] PluckCMS 4.7.10 - Unrestricted File Upload
• [webapps] openSIS Community Edition 8.0 - SQL Injection
• [webapps] YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
• [webapps] phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
• [webapps] phpIPAM 1.5.1 - SQL Injection
• [webapps] Piwigo 13.6.0 - SQL Injection
• [webapps] phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)
• [webapps] phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)

Last 20 Website Defacements - Zone-h

Advisories