Dataproof Communications

View CSAF Summary Successful exploitation of this vulnerability could result in an unauthenticated attacker modifying critical device settings or factory resetting the device. The following versions of Synectix LAN 232 TRIO are affected: LAN 232 TRIO vers:all/* (CVE-2026-1633) CVSS Vendor Equipment Vulnerabilities v3 10 Synectix Synectix LAN 232 TRIO Missing Authentication for Critical Function Background Critical Infrastructure Sectors: Critical Manufacturing, Emergency Services, Energy, Information Technology, Transportation Systems, Water and Wastewater Countries/Areas Deployed: Worldwide Company Headquarters...

Introduction On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++ had been compromised. According to the statement, this was due to a hosting provider-level incident, which occurred from June to September 2025. However, attackers had been able to retain access to internal services until December...

- Read more

- Read more

Elastic 9.3 integrates native workflow automation into the Elasticsearch Platform with Elastic Workflows, enables users to ask questions of their data using natural language and simplifies the development of AI agents with Agent Builder, and more. - Read more

Version 8.19.11 of the Elastic Stack was released today. We recommend you upgrade to this latest version. We recommend 8.19.11 over the previous version 8.19.10 For details of the issues that have been fixed and a full list of changes for each product in this version, please refer to the release notes. - Read more

Google Cloud Platform (GCP) Cloud Monitoring PE to Cloud Run Using Uptime Checks Service Agent Authentication Tenable Research has identified and responsibly disclosed a privilege escalation vulnerability in Google Cloud Monitoring. This flaw allowed a low-privileged attacker to bypass Identity and Access Management (IAM) controls and invoke authenticated Cloud Run services despite lacking permissions.Cloud Monitoring Uptime Checks can be...

NSA released new guidelines to help organizations achieve target-level Zero Trust maturity - Read more

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors.Our investigation identified a security incident...

Attackers exploited Hugging Face’s trusted infrastructure to spread an Android RAT, using fake security apps and thousands of malware variants. The post Hugging Face Repositories Abused in New Android Malware Campaign appeared first on TechRepublic. - Read more