Rewterz

Stealc Information Stealer Malware – Active IOCs

December 2, 2025
Rewterz

Lazarus aka Hidden Cobra APT Group – Active IOCs

December 2, 2025

ICS: Multiple Siemens Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-40936 CVSS:7.8

A vulnerability has been identified in PS/IGES Parasolid Translator Component. The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process.

CVE-2025-40834 CVSS:6.8

A vulnerability has been identified in Mendix RichText. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.

Impact

  • Gain Access
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-40936

  • CVE-2025-40834

Affected Vendors

Siemens

Affected Products

  • Siemens PS/IGES Parasolid Translator Component V29.0.258
  • Siemens Mendix RichText V4.0.0 - V4.6.1

Remediation

Refer to Siemens Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-40936

CVE-2025-40834

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.