SEC Consult (@sec_consult) 's Twitter Profile
SEC Consult

@sec_consult

YOUR GLOBAL PARTNER FOR CYBERSECURITY. SEC Consult is part of Eviden. @Evidenlive

ID: 888212952

https://www.sec-consult.com | 18-10-2012 06:18:26

1,1K Tweet

2,2K Followers

316 Following


Issues like this emphasize the need for stringent cybersecurity measures across critical sectors r.sec-consult.com/hasomed Thanks for the fast and professional response Elefant Praxissoftware #EU #CyberResilienceAct #infosec #criticalInfrastructure #CVD


Some things are best kept "unclear". Like passwords to control levels. r.sec-consult.com/t3000 Multiple vulnerabilities in Siemens Energy Omnivise T3000 control systems allowed attackers to e.g. elevate the privileges to an administrative user and take it from there #infosec


Early detection stopped a #Ransomware attack before it began. Learn how proactive investigation & quick action saved the day in this real 2024 case from SEC Defence. 💻 Read now: r.sec-consult.com/active-intrusi… #CyberSecurity #IncidentResponse


🚨 Critical Vulnerabilities Found in High-End Network Scanners! 14 critical vulnerabilities in Image Access Scan2Net platform (firmware ≤7.42), including RCE via OS Command Injection, Privilege Escalation, XSS, SQL Injection, & more r.sec-consult.com/imageaccess


Critical industries rely on Wind River VxWorks, but a weakness in its #password hashing raises serious security concerns.🔓Expert Stefan Viehböck breaks down the issue, the vendor’s response, and how it should’ve been addressed 🔍 r.sec-consult.com/vxblog 🔐 Technical advisory & PoC also


🚨 Several high risk vulnerabilities affecting Wattsense Bridge devices. 💪 The majority of the issues have been resolved already and patches are available. So update now! 👉 r.sec-consult.com/wattsense #cybersecurity #infosec #patchalert


Caution: Siemens industrial controllers (A8000 PLCs) allow attackers to downgrade firmware or decrypt updates. r.sec-consult.com/a8000 Patch now! #CyberSecurity #ICS #infosec #PLC Siemens Industry


Remote access programs can be exploited by attackers. Tracking installations is tedious. Using LOLRMM data, we've created Velociraptor artifacts to find these programs, aiding incident responders. Adopted in DetectRaptor. 👉r.sec-consult.com/m7o #knowledgedrop #dfir


⚠️ We discovered CVE-2025-22458 – a privilege escalation vuln in Ivanti Endpoint Manager. A SYSTEM task loads DLLs from user-writable paths, enabling local escalation & persistence. Patch available! Full advisory: r.sec-consult.com/ohk LazyTitan #CVE2025 #Ivanti #EPM


🚨 New finding: Misconfigs in HP Wolf Security, Sure Access, and Sure Click Enterprise can open the door to: • Client deactivation • Log forging • App access bypass • Malware execution • CSRF-based attacks All discovered by us. 🔎 Details & fixes: r.sec-consult.com/e8u


🚨 Our Vulnerability Lab found an authenticated command injection in Honeywell MB-Secure. ➡️ Authenticated attackers can run system commands. Read the full advisory: 🔗 r.sec-consult.com/hf9 #CyberSecurity #CommandInjection #Infosec #RedTeam #VulnerabilityDisclosure


🔒 Critical flaws found in Hardy Barth EV chargers: ⚠️ Unauth. access ⚠️ Full sys. compromise possible ❗ No patch available yet CPOs: Secure devices, isolate networks 📄 Full advisory: r.sec-consult.com/echarge #CyberSecurity #EVCharging #VulnerabilityDisclosure #SECConsult


🔐 Chained RCE found – and fixed right! Our Vulnerability Lab discovered critical issues in the MEDICAL OFFICE demo by INDAMED. Textbook CVD: Fixes scheduled, production not affected. 👏 Kudos to INDAMED for their professional response. 🔎 r.sec-consult.com/indamed #CyberSecurity


🔒 Undocumented Root Shell on SIMCom Wireless Modem: ⚠️ Unauth. control ⚠️ Firmware manipulation, backdoors ❗ No patch available yet CPOs: Secure device, monitor logs, reach out to SIMCom Wireless 📄 Full advisory: r.sec-consult.com/simcom


Reflected XSS in #ONLYOFFICE Docs ≤v8.3.1 via crafted WOPI requests – allows JS injection, session hijacking & phishing 🛡️Fixed in v8.3.2 – update now! 🔗 Patch & : github.com/ONLYOFFICE/Doc… 📄 Advisory: r.sec-consult.com/onlyoffice #InfoSec #CyberSecurity #XSS The ONLYOFFICE


🚨New advisory: We discovered multiple medium-risk stored XSS vulns. in Optimizely Episerver CMS (v11&12). Attackers can run malicious JavaScript in the victim's browser. Affected organizations should patch immediately. 🔗r.sec-consult.com/optimizely #CyberSecurity #XSS #Infosec