Expertise Made Accessible

Protect Your Data, Strengthen Your Cybersecurity

At Bexxo, we know that every business is unique. That's why our solutions, compliant with ISO 27001/27002 and NIST standards, are tailored to your needs, budget, and objectives. We ensure optimal security while simplifying your processes.

Free Cybersecurity Analysis

Request a free assessment of your cybersecurity.
Our team will contact you to perform a free analysis of your cybersecurity. No commitment on your part.

Our Cybersecurity Services

Website Security

01 Complete audit and vulnerability detection

We conduct an in-depth analysis of your website, compliant with ISO 2700x and NIST CSF standards, to identify and correct potential security flaws before they are exploited.

02 Protection against attacks

We deploy robust defense measures to secure your site against attacks such as CSRF, SQL injections, and other common threats.

03 Data security

We ensure the protection of your customers' sensitive data and secure online transactions on your website.

Enterprise Network Security

01 Network infrastructure audit and analysis

We perform a thorough review of your security policies and network, in accordance with ISO 2700x and NIST CSF standards, to identify and correct potential vulnerabilities.

02 Global IT infrastructure protection

We protect your entire IT system against internal and external threats, thus ensuring optimal security for your business.

03 Securing access and sensitive data

We secure your critical access points and protect your confidential data to ensure its integrity.

Cybersecurity Protection

Our Cybersecurity Solutions

We analyze your entire IT infrastructure to identify potential flaws and improve the security of your connections, equipment, and protocols.
We conduct an in-depth diagnosis of your website to detect vulnerabilities and strengthen its protection against cyberattacks, such as SQL injections, XSS flaws, and brute-force attacks.
Our experts assist you in developing and optimizing your IT security policy. Together, we define a tailored strategy to secure your systems, reduce risks, and ensure your compliance with current regulations.
We implement advanced technologies to protect your infrastructures, networks, and sensitive data. From access management to information encryption, we ensure effective protection against cyber threats.
Why choose Bexxo?

I

Certified Expertise

Our solutions are developed by cybersecurity experts who master industry best practices.

II

Personalized Support

We adapt our services to your specific needs, whether you are an SME or a large company.

III

Proactive Protection

We anticipate threats before they become a problem, thereby reducing risks and the impact of attacks.

Don't let your business be vulnerable to cyber threats. With Bexxo, secure your digital future today!

How we collaborate with you

Listening and understanding

We take the time to discuss your needs and objectives to fully understand your specific challenges.

In-depth analysis

We examine your security policies, web systems, and network in detail to identify vulnerabilities.

Correction and reinforcement

We deploy solutions to eliminate flaws and strengthen your defenses.

Permanent vigilance

We ensure continuous monitoring and constantly adapt to evolving threats.

Cybersecurity tailored to your challenges

Cyberattacks are becoming increasingly sophisticated and can have disastrous consequences for businesses: loss of critical data, reputational damage, regulatory penalties, and business interruptions. To avoid these risks, it is crucial to implement a robust and proactive cybersecurity strategy.

At Bexxo, we offer tailor-made protection solutions, adapted to your needs and compliant with the most demanding security standards, such as ISO 27001/27002 and NIST. Thanks to our expertise, we analyze, detect, and correct vulnerabilities in your infrastructure to ensure optimal protection.

Permanent Update

Stay ahead with the latest critical security vulnerabilities.

8.8

CVE-2025-59145 - HIGH
15/09/2025

color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, se...

>> More information with CVE Find
8.6

CVE-2025-59332 - HIGH
15/09/2025

3DAlloy is a lightweight 3D-viewer for MediaWiki. From 1.0 through 1.8, the <3d> parser tag and the {{#3d}} parser function allow users to provide custom attributes that are then appended to the canvas HTML element that is being output by the extension. The attributes are not sanitized, which means that arbitrary JavaScript can be inserted and executed.

cross-site scripting, OWASP: A03

>> More information with CVE Find

8.8

CVE-2025-59140 - HIGH
15/09/2025

backslash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environment...

>> More information with CVE Find
8.8

CVE-2025-59141 - HIGH
15/09/2025

simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environmen...

>> More information with CVE Find
8.8

CVE-2025-59142 - HIGH
15/09/2025

color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. ...

>> More information with CVE Find
8.8

CVE-2025-59143 - HIGH
15/09/2025

color is a JavaScript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Loca...

>> More information with CVE Find
8.8

CVE-2025-59144 - HIGH
15/09/2025

debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server e...

>> More information with CVE Find
8.8

CVE-2025-59162 - HIGH
15/09/2025

color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser envi...

>> More information with CVE Find
8.8

CVE-2025-59330 - HIGH
15/09/2025

error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local en...

>> More information with CVE Find
8.8

CVE-2025-59331 - HIGH
15/09/2025

is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local...

>> More information with CVE Find
8.5

CVE-2025-10203 - HIGH
15/09/2025

Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent WaveForms 3.24.3 and prior versions.

OWASP: A01

>> More information with CVE Find

9.8

CVE-2025-57174 - CRITICAL
15/09/2025

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authent...

OWASP: A02

>> More information with CVE Find

8.7

CVE-2025-58748 - HIGH
15/09/2025

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon Redshift driver and leverages the socketFactory and socketFactoryArg parameters to invoke org.springf...

OWASP: A08

>> More information with CVE Find

8.7

CVE-2025-58046 - HIGH
15/09/2025

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct malicious JDBC connection strings that exploit JNDI injection and trigger RMI deserialization, ultimate...

OWASP: A08, OWASP: A03

>> More information with CVE Find

9.8

CVE-2025-52053 - CRITICAL
15/09/2025

TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

command injection, OWASP: A03

>> More information with CVE Find

8.8

CVE-2025-50110 - HIGH
15/09/2025

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS.

OWASP: A02, OWASP: A04

>> More information with CVE Find

8.8

CVE-2025-50944 - HIGH
15/09/2025

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.

authorisation problem, OWASP: A07

>> More information with CVE Find

9.8

CVE-2025-59359 - CRITICAL
15/09/2025

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

OS command injection, OWASP: A03

>> More information with CVE Find

9.8

CVE-2025-59360 - CRITICAL
15/09/2025

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

OS command injection, OWASP: A03

>> More information with CVE Find

9.8

CVE-2025-59361 - CRITICAL
15/09/2025

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

OS command injection, OWASP: A03

>> More information with CVE Find

Contact Us

We will process your personal information in accordance with our privacy policy.
