View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json

Summary

Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or perform CRLF injection.

The following versions of Subnet Solutions PowerSYSTEM Center are affected:
- PowerSYSTEM Center 2020 <=5.28.x (CVE-2026-35504)
- PowerSYSTEM Center 2020 >=5.8.x and <=5.28.x (CVE-2026-26289)
- PowerSYSTEM Center 2020 >=5.11.x and <=5.28.x (CVE-2026-33570)
- PowerSYSTEM Center 2024 >=6.0.x and <=6.1.x (CVE-2026-26289, CVE-2026-35555, CVE-2026-35504)
- PowerSYSTEM Center 2026 7.0.x (CVE-2026-26289, CVE-2026-35555, CVE-2026-35504)

CVSS v3: 8.2 | Vendor: Subnet Solutions Inc. | Equipment: Subnet Solutions PowerSYSTEM Center | Vulnerabilities: Incorrect Authorization; Improper Neutralization of CRLF Sequences ('CRLF Injection')

Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Canada

Vulnerabilities

CVE-2026-26289
The PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information that is normally restricted to administrative permissions only.
View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-26289

Affected Products
Subnet Solutions PowerSYSTEM Center
Vendor: Subnet Solutions Inc.
Product Version: PowerSYSTEM Center 2020 >=5.8.x and <=5.28.x; PowerSYSTEM Center 2024 >=6.0.x and <=6.1.x; PowerSYSTEM Center 2026 7.0.x
Product Status: known_affected

Remediations
Mitigation: Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center: PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix.
Mitigation: For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or the customer support team at (403)
Security & IT News
Live: real-time news from 13+ trusted sources, including BleepingComputer, The Hacker News, Krebs on Security and Dark Reading.
CISA and the Group of Seven (G7) international partners (Germany, Canada, France, Italy, Japan, the United Kingdom, and the European Union) have released joint guidance, "Software Bill of Materials for AI – Minimum Elements" (https://bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/SBOM-for-AI_minimum-elements.html), to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains.

A software bill of materials (SBOM; https://www.cisa.gov/sbom) acts as an "ingredients list" for software that better positions organizations to understand their supply chains and make risk-informed decisions about how to protect their critical systems. The guidance builds on CISA's previous work with federal and international partners to establish a shared vision for a software bill of materials (https://www.cisa.gov/resources-tools/resources/shared-vision-software-bill-materials-sbom-cybersecurity) and provides recommendations on minimum elements that should be included in an SBOM for AI. Because AI systems are software systems, these recommendations should be considered in addition to the general minimum elements for an SBOM (https://www.cisa.gov/resources-tools/resources/2025-minimum-elements-software-bill-materials-sbom).

While not exhaustive or mandatory, the supplemental minimum elements outlined in this guidance reflect the consensus of G7 experts and will expand over time to keep pace with the rapid advancement of AI technology.
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-06.json

Summary

ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending on the vulnerability, an attacker with access to the local network who successfully exploits it could achieve:
- unauthorized access;
- insufficient session expiration leading to resource unavailability;
- uncontrolled resource consumption leading to a denial-of-service (DoS) attack.
ABB strongly advises customers to update affected products to the latest firmware.

The following versions of ABB WebPro SNMP Card PowerValue are affected:
- WebPro SNMP Card <=1.1.8.k, 1.1.8.p

CVSS v3: 8.8 | Vendor: ABB | Equipment: ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities | Vulnerabilities: Improper Check for Unusual or Exceptional Conditions; Incorrect Implementation of Authentication Algorithm; Insufficient Session Expiration

Background
- Critical Infrastructure Sectors: Chemical, Communications, Critical Manufacturing, Dams, Energy, Healthcare and Public Health, Information Technology, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-4675
The Modbus (slave) protocol is implemented incorrectly in the device: port 502 becomes unstable and the Modbus service is unavailable until the device is manually rebooted.
View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-4675

Affected Products
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
Vendor: ABB
Product Version: ABB WebPro SNMP Card PowerValue <=1.1.8.k
Product Status: fixed, known_affected

Remediations
Vendor fix: The problem is corrected in WebPro SNMP card PowerValue version 1.1.8.p. ABB advises users of the affected product versions to reach out to ABB Digital Service Support ([email protected]) for guidance and recommended actions. Additiona
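The symptom in CVE-2025-4675 is a Modbus slave whose port 502 stops answering until a reboot. The probe below is an added example written for this page (it is not code from ABB or from the CISA advisory): a minimal Modbus/TCP liveness check a monitor can run against the card. It builds a Read Holding Registers request, reads and parses the reply, and distinguishes a healthy answer, a Modbus exception reply (the stack is up but rejected the request) and an unreachable or timed-out port, which is what the advisory's failure looks like from outside. The target address, unit identifier and register address are placeholders; the advisory does not say which registers the card exposes.

```python
"""Modbus/TCP liveness probe.

Added example (not code from the ABB advisory or from ABB): sends one
Read Holding Registers request to a Modbus/TCP slave and classifies the
outcome, so a monitor can notice when port 502 stops answering.
Host, unit id and register address are placeholders.
"""
import socket
import struct

MODBUS_PORT = 502
FC_READ_HOLDING = 0x03


def build_read_holding_registers(unit_id: int, start_addr: int,
                                 quantity: int, tid: int = 1) -> bytes:
    """Encode an MBAP header plus a Read Holding Registers PDU (big-endian)."""
    if not 1 <= quantity <= 125:
        raise ValueError("quantity must be 1..125")
    pdu = struct.pack(">BHH", FC_READ_HOLDING, start_addr, quantity)
    # MBAP: transaction id, protocol id (0 = Modbus), length (unit id + PDU), unit id
    mbap = struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_response(frame: bytes, expected_tid: int = 1) -> dict:
    """Decode a complete Modbus/TCP response frame into a status dict."""
    if len(frame) < 8:
        return {"status": "short_frame"}
    tid, proto, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or tid != expected_tid or len(frame) != 6 + length:
        return {"status": "malformed"}
    fc = frame[7]
    if fc & 0x80:
        # Exception reply: function code with the high bit set, then an exception
        # code. The slave is alive; it just rejected the request (0x02 = illegal address).
        return {"status": "exception", "function": fc & 0x7F, "code": frame[8]}
    if fc != FC_READ_HOLDING:
        return {"status": "unexpected_function", "function": fc}
    byte_count = frame[8]
    data = frame[9:9 + byte_count]
    if len(data) != byte_count or byte_count % 2:
        return {"status": "malformed"}
    regs = list(struct.unpack(">%dH" % (byte_count // 2), data))
    return {"status": "ok", "unit_id": unit_id, "registers": regs}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or raise ConnectionError on early EOF."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed connection")
        buf += chunk
    return buf


def probe(host: str, unit_id: int = 1, timeout: float = 2.0) -> dict:
    """Connect to host:502, send one request and return the classified result."""
    req = build_read_holding_registers(unit_id, 0, 1, tid=1)
    try:
        with socket.create_connection((host, MODBUS_PORT), timeout=timeout) as s:
            s.sendall(req)
            mbap = _recv_exact(s, 7)                    # fixed-size MBAP header
            length = struct.unpack(">H", mbap[4:6])[0]  # bytes following the length field
            if length < 1 or length > 253:
                return {"status": "malformed"}
            body = _recv_exact(s, length - 1)           # unit id already consumed
            return parse_response(mbap + body, expected_tid=1)
    except OSError as e:
        # Refused, timed out or reset: the state CVE-2025-4675 leaves the card in.
        return {"status": "unreachable", "error": type(e).__name__}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder address
    print(probe(target))
```

Run it on a schedule from the monitoring host and alert on a transition from "ok" or "exception" to "unreachable"; an exception reply still counts as alive, since the advisory's failure mode is the service not answering at all.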
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-04.json

Summary

ABB became aware of a severe vulnerability in the product versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents actual access to the PLCs unless it is disabled.

The following versions of ABB Automation Builder Gateway for Windows are affected:
- Automation Builder <2.9.0, 2.9.0

CVSS v3: 5.3 | Vendor: ABB | Equipment: ABB Automation Builder Gateway for Windows | Vulnerabilities: Initialization of a Resource with an Insecure Default

Background
- Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2024-41975
The gateway serves as a communication channel between various clients and AC500 PLCs. By default, the gateway listens on all available network adapters on port 1217 and can therefore be accessed remotely. However, remote access to the gateway is only required in certain network configurations. Since the gateway is usually accessed locally, many users are unaware of this remote access option, which can enable scanning of and access to restricted PLC networks. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents actual access to the PLCs unless it is disabled. Note that the gateway for Windows can be installed as a separate setup or as part of other setups such as the CODESYS Development System V3 setup or the CODESYS OPC DA Server setup.
View CVE Details: https://www.cve.org/CVERecord?id=CVE-2024-41975

Affected Products
ABB Automation Builder Gateway for Windows
Vendor: ABB
Product Version: ABB Automation Builder <2.9.0
Product Status: fixed, known_affected

Remediations
Vendor fix: If remote access is not required, check the "LocalAddres
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-01.json

Summary

Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to SYSTEM, which may then enable the attacker to cause a temporary denial of service, open files, or delete files.

The following versions of Fuji Electric Tellus are affected:
- Tellus 5.0.2

CVSS v3: 7.8 | Vendor: Fuji Electric | Equipment: Fuji Electric Tellus | Vulnerabilities: Exposed Dangerous Method or Function

Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Japan

Vulnerabilities

CVE-2026-8108
Installing Fuji Electric Tellus adds a kernel driver that grants all users read and write permissions.
View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-8108

Affected Products
Fuji Electric Tellus
Vendor: Fuji Electric
Product Version: Fuji Electric Tellus 5.0.2
Product Status: known_affected

Remediations
Vendor fix: Fuji Electric recommends that Tellus be installed only with administrator privileges.

Relevant CWE: CWE-749 Exposed Dangerous Method or Function (https://cwe.mitre.org/data/definitions/749.html)

Metrics
CVSS Version: 3.1 | Base Score: 7.8 | Base Severity: HIGH | Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Acknowledgments
- Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA.

Legal Notice and Terms of Use
Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk alert categories (WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals) consistently
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]
This is the worst Linux vulnerability in years.

TL;DR: copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own. The exploit works unmodified across Ubuntu, RHEL, Debian, SUSE, Amazon Linux, Fedora and most others. No race condition, no per-distro offsets. The file on disk is never modified. AIDE, Tripwire and checksum-based monitoring see nothing. Kubernetes Pod Security Standards (Restricted) and the default RuntimeDefault seccomp profile do not block the syscall used. A custom seccomp profile is needed. The mainline fix landed on 1 April. Distros are rolling kernels out now. Patch.

"Local privilege escalation" sounds dry, so let me unpack it. It means: an attacker who already has some way to run code on the machine, even as the most boring unprivileged user, can promote themselves to root. From there they can read every file, install backdoors, watch every process, and pivot to other systems.

Why does that matter on shared infrastructure? Because "local" covers a lot of ground in 2026: every container on a shared Kubernetes node, every tenant on a shared hosting box, every CI/CD job that runs untrusted pull-request code, every WSL2 instance on a Windows laptop, every containerised AI agent given shell access. They all share one Linux kernel with their neighbours. A kernel LPE collapses that boundary.
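The write-up says the default RuntimeDefault seccomp profile does not block the syscall used and that a custom profile is needed, but does not give one. The code below is an added example written for this page (not Theori's code and not from the article): a check, runnable inside a container, of whether an AF_ALG socket can be created at all, and a builder that takes an existing Docker/containerd/CRI-O seccomp JSON profile and adds the rule that makes socket(AF_ALG, ...) fail. Assumptions: that denying AF_ALG socket creation removes the kernel-crypto-API entry point the article names (the kernel patch remains the fix; this is defence in depth); that no workload in the sandbox legitimately uses AF_ALG (OpenSSL's afalg engine does); that AF_ALG is 38, its Linux value; and a 64-bit kernel, since 32-bit x86 multiplexes socket() through socketcall, which an argument filter on socket does not cover.

```python
"""AF_ALG exposure check and seccomp profile builder.

Added example (written for this page, not code from Theori or the article).
Assumes that denying socket(AF_ALG, ...) closes the kernel-crypto-API entry
point the write-up describes and that no workload in the sandbox needs AF_ALG.
Profile format: Docker/containerd/CRI-O seccomp JSON. 64-bit Linux only:
32-bit x86 multiplexes socket() through socketcall, which this rule misses.
"""
import copy
import errno
import json
import socket

AF_ALG = 38  # Linux address-family number for AF_ALG (socket.AF_ALG on Linux builds)


def check_af_alg() -> str:
    """Try to create an AF_ALG socket; return 'blocked', 'allowed', 'unsupported' or 'error'."""
    family = getattr(socket, "AF_ALG", None)
    if family is None:
        return "unsupported"          # non-Linux Python has no AF_ALG constant
    try:
        s = socket.socket(family, socket.SOCK_SEQPACKET, 0)
    except PermissionError:
        return "blocked"              # EPERM/EACCES: seccomp (or an LSM) refused the call
    except OSError as e:
        if e.errno in (errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT):
            return "unsupported"      # kernel built without the AF_ALG family
        return "error"                # e.g. ENOSYS under an unusual sandbox
    s.close()
    return "allowed"                  # the entry point the write-up describes is reachable


def seccomp_profile_blocking_af_alg(base: dict) -> dict:
    """Return a copy of `base` in which socket(AF_ALG, ...) fails with EPERM.

    Allow-list profiles (defaultAction denies, as in Docker's default): drop "socket"
    from unconditional allow rules and re-add it guarded by arg0 != AF_ALG, so an
    AF_ALG request falls through to the default denial. Default-allow profiles:
    append an explicit errno rule for arg0 == AF_ALG. The domain is arg0 of
    socket(2), a plain integer, so seccomp can match it without reading user memory.
    """
    prof = copy.deepcopy(base)
    rules = prof.setdefault("syscalls", [])
    if prof.get("defaultAction") == "SCMP_ACT_ALLOW":
        rule = {"names": ["socket"], "action": "SCMP_ACT_ERRNO",
                "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_EQ"}]}
    else:
        for r in rules:
            if r.get("action") == "SCMP_ACT_ALLOW" and not r.get("args"):
                r["names"] = [n for n in r.get("names", []) if n != "socket"]
        rules[:] = [r for r in rules if r.get("names")]   # drop rules left empty
        rule = {"names": ["socket"], "action": "SCMP_ACT_ALLOW",
                "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_NE"}]}
    rules.append(rule)
    return prof


if __name__ == "__main__":
    print("AF_ALG socket creation:", check_af_alg())
    # Minimal constructed base standing in for the runtime's default profile;
    # load the real default.json into `base` for production use.
    base = {"defaultAction": "SCMP_ACT_ERRNO",
            "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_AARCH64"],
            "syscalls": [{"names": ["read", "write", "socket", "exit_group"],
                          "action": "SCMP_ACT_ALLOW"}]}
    print(json.dumps(seccomp_profile_blocking_af_alg(base), indent=2))
```

Run check_af_alg() inside the container before and after applying the generated profile (docker run --security-opt seccomp=<file>); it should move from "allowed" to "blocked". In Kubernetes the file goes under the kubelet's seccomp root and is referenced with securityContext.seccompProfile type Localhost and localhostProfile set to that file; RuntimeDefault will not carry the rule.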
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point. The more urgent
CVSSv3 Score: 6.3 An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiMail may allow an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 6.5 An OS command injection vulnerability [CWE-78] in the FortiAP and FortiAP-W2 CLI may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted CLI command. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 5.0 An improper export of Android application components [CWE-926] in FortiTokenAndroid may allow other applications on the device to read the OTP code via an exported Content Provider URI. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 4.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in the FortiDeceptor web UI may allow an authenticated attacker with at least read-only admin permission to read log files via crafted HTTP requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 6.1 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in the FortiAP, FortiAP-U and FortiAP-W2 CLI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 5.2 A Use of Potentially Dangerous Function vulnerability [CWE-676] in the FortiAnalyzer and FortiManager API may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests that cause crashes. This happens only if internal locks are aligned, which is outside the attacker's control. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 2.1 A Missing Authorization vulnerability [CWE-862] in FortiClient Windows may allow an authenticated local attacker to decrypt the currently logged-in user's VPN password via an unprotected DLL function. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 9.1 An Improper Access Control vulnerability [CWE-284] in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 9.1 A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 8.3 An Out-Of-Bounds Write vulnerability [CWE-787] in the FortiOS capwap daemon may allow an attacker controlling an authenticated FortiAP, FortiExtender or FortiSwitch to gain execution privileges on the FortiGate device. Revised on 2026-05-12 00:00:00
CVSSv3 Score: 5.1 An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-89] in FortiNDR may allow an authenticated attacker to execute arbitrary SQL commands on selected databases and tables via specifically crafted HTTP requests. Revised on 2026-05-12 00:00:00