Tag: router
-
Critical D-Link Vulnerability Lets Remote Attackers Crash Servers Without Authentication
Security researchers have discovered a critical stack-based buffer overflow vulnerability in D-Link DIR-825 Rev.B 2.10 routers that allows remote attackers to crash servers without requiring authentication. The vulnerability, designated as CVE-2025-7206, affects the router’s httpd binary and can be exploited by manipulating the language parameter in the switch_language.cgi script. This flaw poses significant risks to…
-
U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to…
-
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating First seen on…
-
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox.The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating First seen on…
-
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of flaws is as follows -CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to…
-
Critical D-Link Router Flaws Allow Remote Code Execution by Attackers
Tags: cyber, firmware, flaw, Hardware, network, remote-code-execution, risk, router, service, vulnerabilityA series of critical security vulnerabilities have been identified in D-Link DIR-816 routers, exposing users worldwide to the risk of remote code execution and network compromise. The flaws affect all hardware revisions and firmware versions of the DIR-816 (non-US), which has reached its End of Life (EOL) and End of Service Life (EOS), meaning no…
-
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, wafroot user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
-
U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these…
-
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing First seen…
-
LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
Security researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat actors, LapDogs primarily targets Small Office/Home Office (SOHO) routers and IoT devices, particularly Linux-based systems, to facilitate covert operations. This…
-
Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada
Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025. First seen on hackread.com Jump to article: hackread.com/salt-typhoon-targets-telecoms-router-flaws-fbi-canada/
-
China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs
ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs. First seen on hackread.com Jump to article: hackread.com/china-lapdogs-drops-shortleash-backdoor-fake-certs/
-
Chinese Hackers Turn Unpatched Routers Into ORB Spy Network
ShortLeash Backdoor Hijacks SOHO Linux Devices. Likely Chinese nation-state hackers are converting Internet of Things devices including Ruckus Wireless home routers into an operational relay box network – a run of infections creating more digital infrastructure almost certainly used for cyberespionage. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-turn-unpatched-routers-into-orb-spy-network-a-28784
-
Hackers Allegedly Selling Intelbras Router 0-Day Exploit on Dark Web Forums
A threat actor has reportedly put up for sale a previously unknown, or >>zero-day,
-
U.S. CISA adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: Last week, Apple confirmed that the now-patched…
-
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when…
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint.The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
Aufbau eines Botnets? – Tausende Asus-Router durch Backdoor kompromittiert
First seen on security-insider.de Jump to article: www.security-insider.de/asus-router-angriff-botnetz-vorbereitung-a-70ee525d302b84a03049426a5af80aec/
-
VMware NSX XSS Vulnerability Exposes Systems to Malicious Code Injection
Broadcom has issued a high-severity security advisory (VMSA-2025-0012) for VMware NSX, addressing three newly discovered stored Cross-Site Scripting (XSS) vulnerabilities: CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245. These vulnerabilities impact the NSX Manager UI, gateway firewall, and router port components, exposing organizations to potential code injection attacks if left unpatched. The vulnerabilities, all stemming from improper input validation,…
-
ASUS Router Hijackings Highlight Urgent Need for Advanced Threat Detection and Response
Introduction: A Breach Beyond the EndpointA new campaign targeting ASUS routers has compromised more than 9,000 devices worldwide, exposing a hidden weakness in many organizations’ security strategies: insufficient visibility and control at the edge. The attack, dubbed ViciousTrap, exploits CVE-2023-39780″, a command injection vulnerability”, to deploy malware that persists even after reboots and firmware updates.…
-
Solarstrom, Router und staatlich gelenkte Hacktivisten – Cyberangriffe auf vernetzte Infrastrukturen nehmen 2025 rasant zu
First seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheit-kritische-infrastrukturen-angriff-2025-a-8ca3b652ea1d7435728bc835f0434e5c/
-
Next.js Dev Server Vulnerability Leads to Developer Data Exposure
A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js framework. This flaw, affecting versions 13.0.0 through 15.2.1 when the App Router is enabled, allows attackers to exploit the development server via Cross-site WebSocket Hijacking (CSWSH), potentially exposing sensitive application source code. The issue has been addressed in version 15.2.2, but…
-
Over 9,000 Routers Hijacked: ASUS Users Caught in Ongoing Cyber Operation
Over 9,000 ASUS routers were hacked in a stealth cyberattack exploiting CVE-2023-39780. Learn how it works and what ASUS users should do to stay safe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/asus-routers-hijacked-2025/
-
New Botnet Plants Persistent Backdoors in ASUS Routers
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/botnet-persistent-backdoors-asus-routers
-
ASUS router backdoors affect 9K devices, persist after firmware updates
First seen on scworld.com Jump to article: www.scworld.com/news/asus-router-backdoors-affect-9k-devices-persist-after-firmware-updates
-
Thousands of ASUS Routers Hit by Persistent Backdoor
Persistent Attack Grants Remote SSH Access via Exploit. Someone – possibly nation-state hackers – appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/thousands-asus-routers-hit-by-persistent-backdoor-a-28539
-
Thousands of ASUS routers compromised in sophisticated hacking campaign
Researchers have previously linked the suspected threat actor, dubbed ViciousTrap, to the exploitation of Cisco routers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/thousands-asus-routers-compromised-hacking/749259/
-
8,000+ Asus routers popped in ‘advanced’ mystery botnet plot
No formal attribution made but two separate probes hint at the same suspect First seen on theregister.com Jump to article: www.theregister.com/2025/05/29/8000_asus_routers_popped_in/
-
Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/thousands-asus-routers-compromised/