Ubuntu Security Notice USN-7448-1 https://packetstorm.news/files/190617 #advisory
Ubuntu Security Notice USN-7445-1 https://packetstorm.news/files/190616 #advisory
Ubuntu Security Notice USN-7444-1 https://packetstorm.news/files/190615 #advisory
Red Hat Security Advisory 2025-4128-03 https://packetstorm.news/files/190613 #advisory
Red Hat Security Advisory 2025-4098-03 https://packetstorm.news/files/190612 #advisory
Red Hat Security Advisory 2025-4063-03 https://packetstorm.news/files/190611 #advisory
Red Hat Security Advisory 2025-4051-03 https://packetstorm.news/files/190610 #advisory
Schneider Electric reports critical flaw in Wiser Home Controller WHC-5918A
The Schneider Electric Wiser Home Controller WHC-5918A contains a critical security vulnerability (CVE-2024-6407, CVSS 9.8) allowing attackers to extract sensitive credentials by sending specially crafted messages. Schneider is recommending complete replacement of the discontinued device with their newer C-Bus Home Controller model as no security patches will be released.
**If you are using Schneider Electric Wiser Home Controller WHC-5918A devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/schneider-electric-reports-critical-flaw-in-wiser-home-controller-whc-5918a-0-k-c-4-0/gD2P6Ple2L
Critical authentication flaw reported in Lantronix Xport
The Lantronix Xport devices contain a critical authentication bypass vulnerability (CVE-2025-2567, CVSS 9.8) affecting versions 6.5.0.7 through 7.0.0.3 that allows remote attackers to access the configuration interface without credentials, potentially enabling disruption of critical infrastructure and creating safety hazards in fuel operations.
**If you are using Lantronix Xport devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-flaw-reported-in-lantronix-xport-c-7-8-8-g/gD2P6Ple2L
Critical remote code execution flaw reported in PyTorch Framework
The PyTorch machine learning framework contains a critical Remote Code Execution vulnerability (CVE-2025-32434, CVSS 9.3) affecting versions up to 2.5.1, which allows attackers to bypass the `weights_only=True` protection parameter when loading models, potentially executing arbitrary code.
**If you are using PyTorch, especially for loading third-party, potentially unsafe models, update your PyTorch to the latest version. Alternatively, find other ways to load models because the `weights_only=True` parameter in `torch.load()` is not safe now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-pytorch-framework-q-d-g-r-7/gD2P6Ple2L
Authentication bypass vulnerability reported in HPE Performance Cluster Manager (HPCM)
Authentication bypass vulnerability in HPE Performance Cluster Manager (CVE-2025-27086, CVSS 8.1) allows attackers to exploit Remote Method Invocation in the GUI component to gain unauthorized privileged access to affected systems (version 1.12 and earlier). HPE is recommending immediate upgrade to version 1.13 or implementing a temporary mitigation - disabling the vulnerable RMI service.
**If you are running HPE Clusters and are using HPE Performance Cluster Manager, time to patch it ASAP. Although the flaw is not scored as critical, an authentication bypass to the Cluster Manager can be a nasty vector of attack. Naturally, make sure it's only accessible from isolated and trusted networks. Then patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/authentication-bypass-vulnerability-reported-in-hpe-performance-cluster-manager-hpcm-n-p-l-d-c/gD2P6Ple2L
Critical flaw reported in InstaWP Connect WordPress plugin
The InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.
**If you have installed InstaWP Connect WordPress plugin, update it NOW. The update is trivial, and it's much easier to update a plugin and sleep easy than to worry whether you can be hacked.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flaw-reported-in-instawp-connect-wordpress-plugin-0-x-2-p-8/gD2P6Ple2L
Ubuntu Security Notice USN-7441-1 https://packetstorm.news/files/190589 #advisory
#OT #Advisory VDE-2024-004
TRUMPF: Multiple products affected by log4net vulnerability
The versions of TRUMPF products stated below include a version of log4net that’s prone to XXE (External XML Entities) attacks under certain circumstances. This means the log4net code can be tricked into loading externally hosted, potentially malicious XML code and possibly executing it. This vulnerability allows for the execution of remote XML code, possibly resulting in unauthorized (remote) access to, change of data or disruption of the whole system running the vulnerable application.
#CVE CVE-2018-1285
https://certvde.com/en/advisories/VDE-2024-004
#CSAF https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2024-004.json
https://www.europesays.com/uk/38439/ Over $2.4 million losses since February #advisory #Android #Mobile #Scam #Technology #UK #UnitedKingdom
#CPJ #Safety #Advisory: #Traveling to the #US " #Journalists traveling across the U.S. border should consider taking the following steps before entering or exiting the #UnitedStates:"
>> #Imho, JUST DON'T VISIT ORANGE TURD'S #AMERICA.
https://cpj.org/2025/04/cpj-safety-advisory-traveling-to-the-us/
Cisco Webex reports Client-Side remote code execution vulnerability
#cybersecurity #infosec #advisory #ransomware
https://beyondmachines.net/event_details/cisco-webex-reports-client-side-remote-code-execution-vulnerability-o-m-m-h-6/gD2P6Ple2L
Critical authentication bypass flaw reported in ASUS Routers with AiCloud
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-asus-routers-with-aicloud-0-4-k-6-0/gD2P6Ple2L