#advisory — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #advisory, aggregated by home.social.
-
‘Outdated’ consultancy sector faces a reckoning as AI rips up the old model
Wednesda…
#NewsBeep #News #Artificialintelligence #advisory #AI #ArtificialIntelligence #artificialintelligence(ai)androbots #bigfour #Business #Consulting #employmentandwages #financialcommunications #managementconsultants #McKinsey #privateequity #profservices #ProfessionalServices #sourceglobalresearch #strategiccommunications #Tech #Technology #UK #UKeconomy #ukjobs #UnitedKingdom
https://www.newsbeep.com/uk/606988/
-
https://www.europesays.com/uk/988409/ ‘Outdated’ consultancy sector faces a reckoning as AI rips up the old model #advisory #AI #ArtificialIntelligence #ArtificialIntelligence(ai)AndRobots #BigFour #Business #Consulting #EmploymentAndWages #FinancialCommunications #ManagementConsultants #mckinsey #News #PrivateEquity #ProfServices #ProfessionalServices #SourceGlobalResearch #StrategicCommunications #Tech #Technology #UK #UKEconomy #UKJobs #UnitedKingdom
-
#OT #Advisory VDE-2026-059
Helmholz: Multiple vulnerabilities in REX100/REX200/REX250
Two command injection vulnerabilities have been discovered in Helmholz REX100/REX200/REX250.
#CVE CVE-2026-40851, CVE-2026-40852
https://certvde.com/en/advisories/vde-2026-059/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-059.json
-
#OT #Advisory VDE-2026-054
MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini
Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
#CVE CVE-2026-40851, CVE-2026-40852
https://certvde.com/en/advisories/vde-2026-054/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-054.json
-
#OT #Advisory VDE-2026-058
Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple SQLi vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-058/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-058.json
-
#OT #Advisory VDE-2026-044
MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
#CVE CVE-2026-40850, CVE-2026-40819, CVE-2026-40818, CVE-2026-40817, CVE-2026-40816, CVE-2026-40815, CVE-2026-40814, CVE-2026-40813, CVE-2026-40812, CVE-2026-40811, CVE-2026-40810, CVE-2026-40836, CVE-2026-40834, CVE-2026-40833, CVE-2026-40849, CVE-2026-40848, CVE-2026-40847, CVE-2026-40846, CVE-2026-40845, CVE-2026-40844, CVE-2026-40843, CVE-2026-40842, CVE-2026-40841, CVE-2026-40840, CVE-2026-40839, CVE-2026-40838, CVE-2026-40837, CVE-2026-40835, CVE-2026-40832, CVE-2026-40831, CVE-2026-40830, CVE-2026-40829, CVE-2026-40828, CVE-2026-40827, CVE-2026-40825, CVE-2026-40824, CVE-2026-40823, CVE-2026-40826, CVE-2026-40822, CVE-2026-40821, CVE-2026-40820
https://certvde.com/en/advisories/vde-2026-044/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-044.json
-
#OT #Advisory VDE-2026-050
Phoenix Contact: PLCnext Firmware Security Issues Related to APPs and Configuration Files
This advisory addresses security issues in PLCnext firmware versions prior to 2026.0.3 that are related to APP handling and the processing of configuration files. The identified vulnerabilities affect APP installation authenticity as well as the handling of configuration data in writable directories. Successful exploitation may allow authenticated attackers with different privilege levels to compromise integrity, availability, and system security of affected PLCnext Control. Both issues are resolved starting with PLCnext firmware version 2026.0.3.
#CVE CVE-2025-41669, CVE-2025-41670
https://certvde.com/en/advisories/vde-2026-050/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-050.json
-
#OT #Advisory VDE-2026-053
METTLER TOLEDO: EVA Karl Fischer titrators affected by libpng vulnerabilities
Titration software versions prior to 2.0.2.6 are affected by libpng vulnerabilities CVE-2026-33416 and CVE-2026-33636.
#CVE CVE-2026-33636, CVE-2026-33416
https://certvde.com/en/advisories/vde-2026-053/
#CSAF https://mettler-toledo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-053.json
-
#OT #Advisory VDE-2026-009
JUMO: Multiple products affected by nodejs vulnerability
A vulnerability in the REST API of the JUMO device allows an attacker to trigger a denial‑of‑service (DoS) condition. Due to an incorrect implementation of the arrayLimit option in the Node.js qs module, limits for incoming request parameters are not properly enforced. As a result, an attacker can send specially crafted requests containing excessively large or deeply nested arrays, causing the web server to become unresponsive. This condition leads to a crash of the web server, followed by an automatic restart of the device.
#CVE CVE-2025-15284
https://certvde.com/en/advisories/vde-2026-009/
#CSAF https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-009.json
-
#OT #Advisory VDE-2026-057
CODESYS Control - Out-of-bounds Write
Successful exploitation allows an unauthenticated remote attacker to trigger an out-of-bounds write, causing the CODESYS Control Runtime to crash and resulting in a denial of service on the affected device.
#CVE CVE-2026-8047
https://certvde.com/en/advisories/vde-2026-057/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-10_vde-2026-057.json
-
#OT #Advisory VDE-2026-056
CODESYS Control - Incorrect Authorization
The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups including the visualization administrators group, which is intended solely to manage visualization users.
#CVE CVE-2026-8046
https://certvde.com/en/advisories/vde-2026-056/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-08_vde-2026-056.json
-
#OT #Advisory VDE-2026-055
CODESYS Development System - Incorrect Default Permissions
Two local privilege escalation vulnerabilities were identified in the CODESYS Development System. Specifically, the PackageManager and the IPM create temporary directories with insecure default permissions when executed with administrative privileges. This allows low-privileged local users to modify a temporary bootstrap file to force the deployment of arbitrary components, or to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition to replace digitally verified installation files with malicious ones prior to installation. Both flaws bypass intended security boundaries during the installation of packages or add-ons.
#CVE CVE-2026-44469, CVE-2026-44468
https://certvde.com/en/advisories/vde-2026-055/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-09_vde-2026-055.json
-
https://www.europesays.com/africa/252824/ Weather Alert: Tropical Cyclone Gezani, Madagascar Update 4 on February 10, 2026 #Advisory #affairs #Council #countries #Crime #dc #DepartmentOfState #DiplomaticSecurity #dss #federal #FederalGovernment #Foreign #ForeignAffairs #Government #incident #isf #Kidnapping #Madagascar #osac #overseas #OverseasSecurityAdvisoryCouncil #PoliticalViolence #PrivateSector #StateDepartment #Terrorism #TheOverseasSecurityAdvisoryCouncil #Violence
-
https://www.europesays.com/africa/250332/ Weather Alert: Tropical Cyclone Gezani, Madagascar Update 2 on February 10, 2026 #Advisory #affairs #Council #countries #Crime #dc #DepartmentOfState #DiplomaticSecurity #dss #federal #FederalGovernment #Foreign #ForeignAffairs #Government #incident #isf #Kidnapping #Madagascar #osac #overseas #OverseasSecurityAdvisoryCouncil #PoliticalViolence #PrivateSector #StateDepartment #Terrorism #TheOverseasSecurityAdvisoryCouncil #Violence
-
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets
A supply chain attack on Laravel-Lang involved rewriting all git tags across four Composer packages to inject a secret-stealing payload that triggers during the PHP autoload process.
**If your project uses any Laravel-Lang Composer packages (laravel-lang/lang, http-statuses, actions, or attributes), do not run `composer update` and check whether your lockfile points to a tag pulled on or after May 22, 2026. If you did, assume every secret reachable from that build environment (CI tokens, cloud keys, GitHub PATs, deploy keys, database credentials) is stolen and rotate them all immediately. Block the domain flipboxstudio.info at your DNS and firewall, and only restore builds by pinning to a pre-attack commit SHA you've verified against a local clone.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/laravel-lang-supply-chain-attack-every-tag-across-multiple-composer-packages-rewritten-to-steal-ci-secrets-l-n-i-d-r/gD2P6Ple2L
-
#OT #Advisory VDE-2026-052
CODESYS Visualization - Insufficiently Protected Credentials
A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations concurrently.
#CVE CVE-2026-0393
https://certvde.com/en/advisories/vde-2026-052/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json
-
Linux Kernel Race Condition 'ssh-keysign-pwn' Exposes SSH Keys and Shadow Passwords
A six-year-old Linux kernel race condition (CVE-2026-46333) allows local attackers to steal SSH private keys and password hashes by hijacking file descriptors during process termination. The flaw affects major distributions including Ubuntu and Debian, and a public exploit is available.
**Apply the latest Linux kernel patches ASAP to all affected systems (Ubuntu 22.04/24.04/26.04, Debian 13, Arch, CentOS 9, Raspberry Pi OS, CloudLinux 8/9/10), and rotate all SSH host keys on systems that allowed shell access to untrusted users. Until patched, restrict local shell access to trusted users only and monitor for suspicious use of pidfd_getfd or SUID binaries like ssh-keysign and chage.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/linux-kernel-race-condition-ssh-keysign-pwn-exposes-ssh-keys-and-shadow-passwords-l-d-6-1-e/gD2P6Ple2L
-
AI is driving McKinsey’s business model and talent overhaul
Friday 15 May 2026 4:16 pm | Updated: Friday 15 May 2026 5:29 pm AI is…
#NewsBeep #News #Artificialintelligence #advisory #AI #ArtificialIntelligence #artificialintelligence(ai)androbots #bainandco #BostonConsultingGroup #bostonconsultinggroup(bcg) #Business #company #Consulting #employmentandwages #London #McKinsey #People #profservices #ProfessionalServices #Technology #UK #ukjobs #UnitedKingdom
https://www.newsbeep.com/uk/588249/
-
Google Chrome 148 Patches 79 Vulnerabilities Including 14 Critical Flaws
Google released Chrome 148 to patch 79 vulnerabilities, including 14 critical flaws primarily involving use-after-free and memory corruption issues across all major platforms.
**One more huge patch for Chrome and Chromium based browsers (Edge, Opera, Brave, Vivaldi...). Don't delay, it has 14 critical flaws and a whole bunch of others. Don't debate the severity, it's pointless. Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-chrome-148-patches-79-vulnerabilities-including-14-critical-flaws-j-7-2-u-k/gD2P6Ple2L
-
Debian Security Advisory 6272-1 https://packetstorm.news/files/221160 #advisory
-
Ubuntu Security Notice USN-8269-1 https://packetstorm.news/files/221159 #advisory
-
Authentication Bypass Flaw in Palo Alto Networks PAN-OS Sparks Severity Dispute
Palo Alto Networks disclosed a high-severity authentication bypass vulnerability (CVE-2026-0265) in PAN-OS affecting firewalls and Panorama appliances using Cloud Authentication Service. The flaw allows unauthenticated attackers to bypass security controls on management interfaces and GlobalProtect portals.
**Make sure all PAN-OS firewall and Panorama management interfaces are isolated from the internet and accessible only from trusted internal networks. If you use Cloud Authentication Service (CAS), upgrade PAN-OS to a fixed version ASAP, or as a temporary fix switch the authentication profile to SAML or RADIUS until you can patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/authentication-bypass-flaw-in-palo-alto-networks-pan-os-sparks-severity-dispute-j-o-p-a-n/gD2P6Ple2L
-
Windows BitLocker and CTFMON Zero-Day Vulnerabilities Reported
A researcher released two unpatched zero-day vulnerabilities, YellowKey and GreenPlasma, which allow attackers to bypass BitLocker encryption with physical access to the devices and escalate system privileges on Windows 11 and Server environments.
**If you use Windows 11 or Windows Server 2022/2025, set a custom BitLocker PIN and a strong BIOS password to block unauthorized booting from USB or external media. Educate users to limit physical access to their devices until Microsoft releases official fixes.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/windows-bitlocker-and-ctfmon-zero-day-vulnerabilities-reported-4-7-e-5-9/gD2P6Ple2L
-
Critical Path Traversal Vulnerability in Ivanti Xtraction
Ivanti released a critical security update for Xtraction to patch a path traversal vulnerability (CVE-2026-8043) that allows authenticated attackers to read sensitive files and write malicious HTML content.
**Patch your Xtraction instances to version 2026.2 immediately and verify that Multi-Factor Authentication is active for all users. Even though this requires authentication, assume attackers can easily find low-level credentials.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-path-traversal-vulnerability-in-ivanti-xtraction-c-c-m-t-2/gD2P6Ple2L
-
https://www.europesays.com/africa/235233/ MEDIA ADVISORY: Chairperson’s 17th High-Level Retreat on the Promotion of Peace, Security and Stability in Africa-African Union #17th #Advisory #Africa #and #chairperson’s #Ethiopia #HighLevel #in #media #of #on #peace #Promotion #retreat #Security #Stability #the
-
Debian Security Advisory 6271-1 https://packetstorm.news/files/221078 #advisory
-
Debian Security Advisory 6268-1 https://packetstorm.news/files/221075 #advisory
-
Ubuntu Security Notice USN-8271-1 https://packetstorm.news/files/221074 #advisory