UltraVNC before 1.2.2.4 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in denial-of-service (DoS) condition.

UltraVNC before 1.2.2.4 contains multiple memory leaks (CWE-665) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure.

MIT held Cybersecurity Insight, providing presentations, practical workshops and an ICS CTF in partnership with Kaspersky Lab

An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to...

Exploitation of the vulnerabilities could allow a remote compromise of the managed switch, resulting in disruption of communication and root access to the operating system

Successful exploitations of the vulnerabilities could lead to remote execution of arbitrary code

The vulnerabilities could lead to the disclosure of important information, deletion of files and remote code execution

The vulnerability is caused by the use of hard-coded credentials

The vulnerabilities affect CP635 and CP651 control panels and PB610 Panel Builder 600

This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly...

What threats are relevant to building automation systems and what malware their owners have encountered in the first six months of 2019.

Descriptions of dangerous threats, our findings from analyzing statistics on blocked threats, and possible vectors of malware penetration of ICS computers.

A malware attack has disrupted production at Rheinmetall Group plants in three countries. The company expects it to take 2 to 4 weeks to eliminate the disruption

Affected devices include Cisco 800 Series industrial routers and Cisco 1000 Series Connected Grid Routers (CGR 1000)

Rdesktop before version 1.8.5 contains multiple out-of-bound access read vulnerabilities in its code, which results in a denial-of-service (DoS) condition. This attack appear to be exploitable via...

Kaspersky’s seventh international conference dedicated to industrial cybersecurity took place on September 18­­-20 in Sochi, Russia.

Findings of research on different implementations of the VNC remote access system. Memory corruption vulnerabilities were found, some of which, if exploited, could lead to remote code execution.

October 14 and 15, 2019, Kaspersky ICS CERT experts provided an exclusive two-day training program on applied industrial cybersecurity at the Deggendorf Institute of Technology (DIT) for graduate...

The findings of our research can be used to make a more objective assessment of risks associated with using modern biometric authentication systems.

Vulnerable solutions include SiNVR 3, XHQ Operations Intelligence, RUGGEDCOM ROS, and Siemens EN100

Vulnerabilities have been identified in SPPA-T3000 Application Server and MS3000 Migration Server. Some of the faults are critical and could allow attackers to execute arbitrary code on the server

If exploited, the vulnerabilities could result in denial of service. They can be fixed by updating device firmware

Emotet was distributed via phishing emails and was used to deploy ransomware

AL26-004 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20127

Zyxel security advisory (AV26-167)

Trend Micro security advisory (AV26-168)

AMD security advisory (AV26-169)

GitLab security advisory (AV26-170)

JetBrains security advisory (AV26-171)

Cisco security advisory (AV26-166) – Update 1