CISA issued five advisories on March 20, 2025, detailing security vulnerabilities in industrial control systems by multiple vendors, emphasizing the need for urgent updates. Key issues include improper privilege management in Schneider Electric’s EcoStruxure™ and improper input validation in Enerlin’X products. High-severity vulnerabilities in Siemens Simcenter Femap and SMA Sunny Portal also necessitate prompt mitigation. Users should assess risks and update affected software immediately.
How new malware SHELBY targets telecom via phishing
Elastic Security Labs has identified a new malware named SHELBY that targets Iraqi telecoms using a phishing attack. The malware has two components, SHELBYLOADER and
