Tag: firmware

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Jan 28, 2026 1:21 AM

Tags: attack, authentication, cve, exploit, firmware, fortinet, update, vulnerability, zero-day

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-blocks-exploited-forticloud-sso-zero-day-until-patch-is-ready/
Warum CTEM 2026 zum Fundament moderner OT-Sicherheit wird

Jan 26, 2026 10:21 AM

Tags: firmware, Hardware, risk, vulnerability-management

Vor einigen Jahren war ‘CTEM” nur ein weiteres Akronym von Gartner. Im Jahr 2026 ist es das Organisationsprinzip für jedes ernsthafte OT-Sicherheitsprogramm. CTEM steht für einen Wandel vom periodischen Schwachstellenmanagement hin zu einer kontinuierlichen, risikobasierten Bewertung und Verwaltung von Risiken in Bezug auf Hardware, Firmware, Netzwerkpfade und sogar Abhängigkeiten in der Lieferkette. First seen on…
Sicherheitslücke bei TP-Link: Überwachungskameras per Passwort-Reset knackbar

Jan 20, 2026 12:13 PM

Tags: bug, firmware, password

Wer eine Überwachungskamera von TP-Link hat, sollte zügig die Firmware aktualisieren. Eine Sicherheitslücke verleiht Angreifern Admin-Zugriff. First seen on golem.de Jump to article: www.golem.de/news/tp-link-admin-konten-zahlloser-ueberwachungskameras-knackbar-2601-204385.html
TP-Link: Admin-Konten zahlloser Überwachungskameras knackbar

Jan 20, 2026 10:14 AM

Tags: bug, firmware

Wer eine Überwachungskamera von TP-Link hat, sollte zügig die Firmware aktualisieren. Eine Sicherheitslücke verleiht Angreifern Admin-Zugriff. First seen on golem.de Jump to article: www.golem.de/news/tp-link-admin-konten-zahlloser-ueberwachungskameras-knackbar-2601-204385.html
Redmi Buds Vulnerability Could Allow Call Data Theft and Firmware Instability

Jan 19, 2026 3:13 PM

Tags: access, cyber, data, firmware, flaw, phone, service, theft, vulnerability

Xiaomi’s Redmi Buds series faces critical security flaws that enable attackers to steal sensitive call data and crash devices without authentication. Two newly disclosed vulnerabilities affect Redmi Buds 3 Pro through 6 Pro, allowing unauthenticated adversaries within Bluetooth range to access private phone numbers and trigger repeated denial of service conditions. The vulnerabilities stem from…
Flipping one bit leaves AMD CPUs open to VM vuln

Jan 15, 2026 10:52 PM

Tags: firmware, update

Fix landed in July, but OEM firmware updates are required First seen on theregister.com Jump to article: www.theregister.com/2026/01/15/stackwarp_bug_amd_cpus/
Firmware scanning time, cost, and where teams run EMBA

Jan 14, 2026 7:11 PM

Tags: firmware

Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/14/emba-iot-firmware-security/
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Jan 14, 2026 12:04 AM

Tags: access, attack, best-practice, cloud, cve, cyber, exploit, firmware, flaw, Internet, malicious, microsoft, mitre, ntlm, office, rce, remote-code-execution, service, social-engineering, sql, technology, update, vulnerability, windows, zero-day

8Critical 105Important 0Moderate 0Low Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. Our counts omitted one CVE that was assigned by…
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Jan 14, 2026 12:04 AM

Tags: access, attack, best-practice, cloud, cve, cyber, exploit, firmware, flaw, Internet, malicious, microsoft, mitre, ntlm, office, rce, remote-code-execution, service, social-engineering, sql, technology, update, vulnerability, windows, zero-day

8Critical 105Important 0Moderate 0Low Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. Our counts omitted one CVE that was assigned by…
High-severity bug in Broadcom software enables easy WiFi denial-of-service

Jan 13, 2026 3:01 PM

Tags: access, attack, business, encryption, exploit, firmware, flaw, monitoring, network, remote-code-execution, risk, service, software, vulnerability, wifi

Chipset-level bugs linger: Researchers said the vulnerability highlights why protocol-stack implementation remains open to serious flaws. “This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” said Saumitra Das, vice president of engineering at Qualys. “Because the attack…
NDSS 2025 LLMPirate: LLMs For Black-box Hardware IP Piracy

Jan 13, 2026 5:01 AM

Tags: attack, conference, detection, firmware, Hardware, Internet, LLM, mitigation, network, software, vulnerability

Session 8C: Hard & Firmware Security Authors, Creators & Presenters: Vasudev Gohil (Texas A&M University), Matthew DeLorenzo (Texas A&M University), Veera Vishwa Achuta Sai Venkat Nallam (Texas A&M University), Joey See (Texas A&M University), Jeyavijayan Rajendran (Texas A&M University) PAPER LLMPirate: LLMs for Black-box Hardware IP Piracy The rapid advancement of large language models (LLMs)…
NDSS 2025 Mens Sana In Corpore Sano: Sound Firmware Corpora For Vulnerability Research

Jan 12, 2026 6:02 PM

Tags: conference, data, firmware, Internet, linux, network, vulnerability

Session 8C: Hard & Firmware Security Authors, Creators & Presenters: RenÃ© Helmke (Fraunhofer FKIE), Elmar Padilla (Fraunhofer FKIE, Germany), Nils Aschenbruck (University of Osnabrück) PAPER Mens Sana In Corpore Sano: Sound Firmware Corpora for Vulnerability Research Firmware corpora for vulnerability research should be scientifically sound. Yet, several practical challenges complicate the creation of sound corpora:…
Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

Jan 8, 2026 5:05 PM

Tags: 5G, access, attack, authentication, breach, business, cio, compliance, control, credentials, cyber, cybersecurity, data, data-breach, defense, detection, firmware, framework, gartner, Hardware, HIPAA, identity, infrastructure, iot, leak, least-privilege, mitigation, monitoring, network, nist, password, risk, strategy, supply-chain, technology, theft, threat, unauthorized, update, vpn, vulnerability, zero-trust

Defense: Compromised devices can leak mission-critical data or disrupt tactical communications.Utilities: Operational paralysis halts power distribution or water treatment, impacting millions.Public safety: Emergency response systems fail during crises, endangering lives.According to Gartner, in 2023, IoT-related incidents in critical infrastructure surged 400% over the previous three years and the average cost of an OT breach exceeded…
Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

Jan 8, 2026 5:05 PM

Tags: 5G, access, attack, authentication, breach, business, cio, compliance, control, credentials, cyber, cybersecurity, data, data-breach, defense, detection, firmware, framework, gartner, Hardware, HIPAA, identity, infrastructure, iot, leak, least-privilege, mitigation, monitoring, network, nist, password, risk, strategy, supply-chain, technology, theft, threat, unauthorized, update, vpn, vulnerability, zero-trust

Defense: Compromised devices can leak mission-critical data or disrupt tactical communications.Utilities: Operational paralysis halts power distribution or water treatment, impacting millions.Public safety: Emergency response systems fail during crises, endangering lives.According to Gartner, in 2023, IoT-related incidents in critical infrastructure surged 400% over the previous three years and the average cost of an OT breach exceeded…
Unpatched TOTOLINK EX200 Flaw Enables Root-Level Telnet Access, CERT/CC Warns

Jan 7, 2026 9:52 AM

Tags: access, control, cve, firmware, flaw, vulnerability

A serious and unpatched security flaw has been disclosed in the TOTOLINK EX200 wireless range extender. The vulnerability, tracked as CVE-2025-65606, allows a remote authenticated attacker to gain full system control by abusing a flaw in the device’s firmware-upload mechanism. The issue was publicly disclosed by the CERT Coordination Center (CERT/CC) on January 6, 2026, and currently has no…
8 things CISOs can’t afford to get wrong in 2026

Jan 7, 2026 8:52 AM

Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust

“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

Jan 6, 2026 5:52 PM

Tags: control, cve, firmware, flaw

The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device.The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to…
NDSS 2025 Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization

Dec 28, 2025 10:56 PM

Tags: access, automation, breach, conference, data, exploit, firmware, Hardware, healthcare, Internet, network, tool, vulnerability

NDSS 2025 – Automated Data Protection For Embedded Systems Via Data Flow Based Compartmentalization Session 7B: Trusted Hardware and Execution Authors, Creators & Presenters: Zelun Kong (University of Texas at Dallas), Minkyung Park (University of Texas at Dallas), Le Guan (University of Georgia), Ning Zhang (Washington University in St. Louis), Chung Hwan Kim (University of…
NDSS 2025 ReDAN: An Empirical Study On Remote DoS Attacks Against NAT Networks

Dec 23, 2025 5:19 AM

Tags: access, attack, cloud, conference, dos, exploit, firmware, Internet, malicious, network, router, side-channel, software, vulnerability, wifi

Session 7A: Network Security 2 Authors, Creators & Presenters: Xuewei Feng (Tsinghua University), Yuxiang Yang (Tsinghua University), Qi Li (Tsinghua University), Xingxiang Zhan (Zhongguancun Lab), Kun Sun (George Mason University), Ziqiang Wang (Southeast University), Ao Wang (Southeast University), Ganqiu Du (China Software Testing Center), Ke Xu (Tsinghua University) PAPER ReDAN: An Empirical Study On Remote…
Sleeping Bouncer Vulnerability Impacts Gigabyte, MSI, ASRock, and ASUS Motherboards

Dec 22, 2025 3:18 PM

Tags: cyber, firmware, Hardware, malicious, vulnerability

A critical firmware vulnerability affecting motherboards from major manufacturers including Gigabyte, MSI, ASRock, and ASUS has been discovered by Riot Games’ Vanguard anti-cheat team. The vulnerability, dubbed >>Sleeping Bouncer,
New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

Dec 19, 2025 5:19 PM

Tags: access, attack, firmware, flaw, vulnerability

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-uefi-flaw-enables-pre-boot-attacks-on-motherboards-from-gigabyte-msi-asus-asrock/
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

Dec 19, 2025 12:19 PM

Tags: attack, firmware, flaw, vulnerability

A new UEFI flaw exposes some ASRock, ASUS, GIGABYTE, and MSI motherboards to early-boot DMA attacks, bypassing IOMMU protections. Researchers warn of a new UEFI vulnerability that affects select ASRock, ASUS, GIGABYTE, and MSI motherboards, enabling early-boot DMA attacks that bypass IOMMU protections. UEFI (Unified Extensible Firmware Interface) is the modern firmware standard that initializes…
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Dec 19, 2025 10:19 AM

Tags: access, attack, computer, firmware, flaw, vulnerability

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and inputoutput memory management unit (IOMMU).UEFI and IOMMU are designed to enforce a security First seen…
Racks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you think

Dec 9, 2025 6:32 PM

Tags: access, automation, backup, breach, cloud, control, data, data-breach, defense, detection, dns, encryption, firmware, flaw, infrastructure, intelligence, Internet, metric, mobile, network, resilience, software, strategy, supply-chain, tool, update, vulnerability, zero-day

Cloud complexity and policy traps: Networks, however, no longer stay confined to racks. They live in routing tables, BGP sessions, cloud control planes and software-defined overlays. Many organizations rush to multi-region cloud setups, believing geographic distance alone guarantees resilience. It does not. Last year, I oversaw a global e-commerce platform with active-passive failover across two…
Racks, sprawl and the myth of redundancy: Why your failover isn’t as safe as you think

Dec 9, 2025 6:32 PM

Tags: access, automation, backup, breach, cloud, control, data, data-breach, defense, detection, dns, encryption, firmware, flaw, infrastructure, intelligence, Internet, metric, mobile, network, resilience, software, strategy, supply-chain, tool, update, vulnerability, zero-day

Cloud complexity and policy traps: Networks, however, no longer stay confined to racks. They live in routing tables, BGP sessions, cloud control planes and software-defined overlays. Many organizations rush to multi-region cloud setups, believing geographic distance alone guarantees resilience. It does not. Last year, I oversaw a global e-commerce platform with active-passive failover across two…
Digitale Vertrauensrealität 2026: Wie KI, Quanten und Automatisierung das Sicherheitsfundament neu definieren

Dec 8, 2025 11:32 AM

Tags: ai, firmware, Hardware

Das Vertrauen der Zukunft steckt tief in der Hardware, der Firmware und den kryptografischen Lebenszyklen. Maschinenvertrauen wird damit nicht nur ein Technologiethema, sondern das Fundament globaler digitaler Vernetzung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/digitale-vertrauensrealitaet-2026-wie-ki-quanten-und-automatisierung-das-sicherheitsfundament-neu-definieren/a43084/
Umgehung der Authentifizierung – Asus stopft acht Sicherheitslücken in Router-Firmware

Dec 8, 2025 7:35 AM

Tags: authentication, firmware, router

First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-asus-router-firmware-aktualisierung-a-ee0b40df0e839d866a41efb2cb2b0cd4/
New ASUS firmware patches critical AiCloud vulnerability

Nov 27, 2025 9:49 AM

Tags: authentication, cve, firmware, flaw, router, vulnerability

ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, including a critical authentication bypass, tracked as CVE-2025-59366 (CVSS score of 9.2), affecting routers with AiCloud enabled. >>Researchers have reported potential vulnerabilities in ASUS Router. ASUS has…
Dell ControlVault, Lasso, GL.iNet vulnerabilities

Nov 26, 2025 7:50 PM

Tags: cisco, firmware, software, vulnerability, windows

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX.The vulnerabilities mentioned in this blog post have been patched by their respective First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/dell-controlvault-lasso-gl-inet-vulnerabilities/
ASUS warns of new critical auth bypass flaw in AiCloud routers

Nov 26, 2025 1:49 PM

Tags: authentication, firmware, flaw, router, update, vulnerability

ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/asus-warns-of-new-critical-auth-bypass-flaw-in-aicloud-routers/