Tag
#web
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to traverse directories and move, read, or overwrite arbitrary files. The issue arises from improper input validation in siteGuide.js, where user-supplied data is not properly sanitized, allowing directory traversal attacks.
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper input validation in siteGuide.js, where user-supplied data is executed via ChildProcess.exec() without adequate sanitization.
Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…
Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…
WIRED loves a rogue. Except rogues ruined the internet. Is there any salvaging the rebellious spirit without destroying everything?
In the wake of Luigi Mangione’s alleged killing of a health care CEO with a partially 3D-printed pistol, we built the exact same weapon ourselves—and test-fired it.
Amber Scorah and Psst are building a “digital safe” to help people shine a light on the bad things their bosses are doing, without getting found out.
Non-human identities—also known as machine or workload identities—are becoming increasingly critical as organizations adopt cloud-native ecosystems and advanced AI workflows. For workloads spanning multiple cloud platforms, adhering to zero trust principles becomes challenging as they cross identity domains. A unified identity framework provides consistency in automating identity issuance and enforcing access control policies across diverse environments. SPIFFE/SPIRE, an open source identity issuance framework, enables organizations to implement centralized, scalable identity management on
I’m done preparing the slides for my talk about Vulristics at PHDays. 😇 I’ll be speaking on the last day of the festival – Saturday, May 24, at 16:00 in Popov Hall 25. If you’re there at that time, I’d be glad to see you. If not – join online! 😉 I’ll have an hour […]
ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…