Tag: router
-
Smishing Campaigns Exploit Cellular Routers to Target Belgium
New smishing attacks exploit Milesight routers to send phishing texts targeting Belgian users First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/
-
Hackers Use Cellular Router API to Send Malicious SMS with Weaponized Links
The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using honeypots, the team monitors traffic targeting edge devices and internet-facing applications. On 22 July 2025, suspicious network traces appeared in our honeypots, reveals that a cellular router’s API was exploited to deliver smishing campaigns…
-
New Botnet ‘Loader-as-a-Service’ Turns Home Routers and IoT into Mirai Farms
CloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux devices, and enterprise applications. The threat actors exploit unsanitized POST parameters”, such as NTP, syslog, and hostname fields”, alongside default credentials and known CVEs in WebLogic, WordPress, and vBulletin systems…
-
Critical Cisco Flaw Lets Remote Attackers Execute Code on Firewalls and Routers
Cisco published Security Advisory cisco-sa-http-code-exec-WmfP3h3O revealing a severe flaw in multiple Cisco platforms that handle HTTP-based management. Tracked as CVE-2025-20363, this vulnerability stems from improper validation of user-supplied input in HTTP requests. CVE Affected Products Impact CVSS 3.1 Score CVE-2025-20363 Secure Firewall ASA & FTD with SSL VPN or MUS enabled; IOS/IOS XE with Remote…
-
Critical Cisco Flaw Lets Remote Attackers Execute Code on Firewalls and Routers
Cisco published Security Advisory cisco-sa-http-code-exec-WmfP3h3O revealing a severe flaw in multiple Cisco platforms that handle HTTP-based management. Tracked as CVE-2025-20363, this vulnerability stems from improper validation of user-supplied input in HTTP requests. CVE Affected Products Impact CVSS 3.1 Score CVE-2025-20363 Secure Firewall ASA & FTD with SSL VPN or MUS enabled; IOS/IOS XE with Remote…
-
Patch now: Attacker finds another zero day in Cisco firewall software
Tags: access, attack, best-practice, cisa, cisco, cve, cyber, defense, detection, exploit, firewall, firmware, Hardware, incident response, malware, monitoring, network, resilience, risk, router, software, technology, threat, tool, update, vpn, vulnerability, zero-day, zero-trustroot, which may lead to the complete compromise of the device.Affected are devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) software, Cisco Secure Firewall Threat Defense (FTD) software, as well as devices running Cisco IOS, IOS XE and IOS XR software. There are two attack scenarios:an unauthenticated, remote attacker getting into devices running Cisco…
-
New Botnet Exploits Simple DNS Flaws That Leads to Massive Cyber Attack
Cybersecurity researchers have uncovered a sophisticated Russian botnet operation that leveraged DNS misconfigurations and compromised MikroTik routers to deliver malware through massive spam campaigns. The discovery reveals how threat actors exploited simple DNS errors to bypass email security protections and distribute malicious payloads on a global scale. The investigation began in November 2024 when researchers…
-
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies.”REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open…
-
Where CISOs need to see Splunk go next
Tags: ai, api, automation, cisco, ciso, cloud, communications, compliance, conference, crowdstrike, cybersecurity, data, data-breach, detection, finance, framework, google, incident response, intelligence, jobs, metric, microsoft, open-source, RedTeam, resilience, risk, router, siem, soar, strategy, tactics, threat, tool, vulnerabilityResilience resides at the confluence of security and observability: There was also a clear message around resilience, the ability to maintain availability and recover quickly from any IT or security event.From a Cisco/Splunk perspective, this means a more tightly coupled relationship between security and observability.I’m reminded of a chat I had with the chief risk…
-
TP-Link Router Zero-Day Lets Attackers Execute Code by Bypassing ASLR
Researchers have uncovered a zero-day vulnerability in TP-Link routers that allows attackers to bypass Address Space Layout Randomization (ASLR) and execute arbitrary code remotely. Tracked as CVE-2025-9961, this flaw resides in the CWMP (TR-069) binary and can be triggered through malformed SOAP requests, granting full control of affected devices. A detailed technical walkthrough of discovery,…
-
AISURU Botnet Fuels Record-Breaking 11.5 Tbps DDoS Attack With 300,000 Hijacked Routers
The newly identified AISURU botnet, leveraging an estimated 300,000 compromised routers worldwide, has been pinpointed as the force behind a record-shattering 11.5 Tbps distributed denial-of-service (DDoS) attack in September 2025. This unprecedented assault eclipses the previous 5.8 Tbps peak seen earlier in the year and underscores a dangerous escalation in botnet scale and sophistication. First…
-
Wurden Router-URLs sphairon.box und zyxel.box gekapert?
Ich stelle mal ein Thema hier in den Blog, das mir jetzt von zwei Lesern gemeldet wurde und mich an einen alten Vorfall bei AVM zur fritz.box-URL erinnert. Es sieht so aus, dass die von Routern (Zyxel, Sphairon) zum Zugriff … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/12/wurden-router-urls-sphairon-box-und-zyxel-box-gekapert/
-
Anti-DDoS outfit walloped by record packet flood
FastNetMon says 1.5 Gpps deluge from hijacked routers, IoT kit nearly drowned scrubbing shop First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/fastnetmon_ddos_attack/
-
CISA Warns: TP-Link Vulnerabilities Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router models that are currently being actively exploited by cybercriminals. These security flaws affect widely-used home and small business networking devices, putting millions of users at risk. Critical Vulnerabilities Identified Two severe vulnerabilities have been added to…
-
New TP-Link zero-day surfaces as CISA warns other flaws are exploited
TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/
-
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.The vulnerabilities in question are listed below -CVE-2023-50224 (CVSS score: 6.5) – An authentication bypass by spoofing vulnerability First…
-
Chinese APT Groups Exploit Router Flaws to Breach Enterprises
Chinese state-sponsored Advanced Persistent Threat (APT) groups have escalated their cyber espionage campaigns, systematically targeting global telecommunications, government, and military networks through sophisticated router exploitation techniques since 2021. Since at least 2021, Chinese state-sponsored cyber actors have been conducting extensive, stealthy operations to infiltrate and control key network devices across critical sectors worldwide. These malicious…
-
Hacked Routers Linger on the Internet for Years, Data Shows
While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/hacked-routers-linger-on-the-internet-for-years-data-shows
-
Chinese hacking group Salt Typhoon expansion prompts multinational advisory
Tags: advisory, attack, authentication, breach, china, cisco, communications, container, corporate, country, cyber, data, exploit, firmware, flaw, government, group, hacking, infrastructure, intelligence, Internet, ivanti, malware, military, monitoring, network, password, router, service, software, technology, threat, update, vulnerability, zero-dayIvanti, Palo Alto Networks, Cisco flaws exploited: Salt Typhoon has been active since at least 2021, targeting critical infrastructure in telecom, transportation, government, and military bodies around the globe. Notably, a “cluster of activity” has been observed in the UK, according to the country’s National Cyber Security Centre.The group has had “considerable success” with “n-days,”…
-
Salt Typhoon Exploits Flaws in Edge Network Devices to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors.”While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and First seen on thehackernews.com Jump…
-
Salt Typhoon Cyber Spies Breached 80+ Nations, FBI Warns
Salt Typhoon hackers bypassed smash-and-grab tactics, infiltrating routers and surveillance systems to steal sensitive data and evade detection. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-salt-typhoon-cyber-spies-breach/
-
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors.”While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and First seen on thehackernews.com Jump…
-
Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in First seen on blog.talosintelligence.com Jump to article:…
-
New Stealthy Malware Hijacking Cisco, TP-Link, and Other Routers for Remote Control
FortiGuard Labs has uncovered a sophisticated malware campaign targeting critical infrastructure devices from multiple vendors, with the >>Gayfemboy
-
New Stealthy Malware Hijacking Cisco, TP-Link, and Other Routers for Remote Control
FortiGuard Labs has uncovered a sophisticated malware campaign targeting critical infrastructure devices from multiple vendors, with the >>Gayfemboy
-
Russian State Hackers Exploit 7-Year-Old Cisco Router Vulnerability
FBI and Cisco warn Russian hackers are exploiting a 7-year-old Cisco Smart Install vulnerability on outdated routers and… First seen on hackread.com Jump to article: hackread.com/russian-state-hackers-exploit-cisco-router-vulnerability/
-
Surge in Scans From Hacked Cisco, Linksys, and Araknis Routers
Cybersecurity researchers have identified a significant increase in malicious scanning activities originating from compromised consumer and enterprise networking equipment, with particular focus on Cisco, Linksys, and Araknis router models. The Shadowserver Foundation, a prominent threat intelligence organization, has reported observing unusual scanning patterns that suggest widespread compromise of these networking devices. Security analysts are tracking…
-
Surge in Scans From Hacked Cisco, Linksys, and Araknis Routers
Cybersecurity researchers have identified a significant increase in malicious scanning activities originating from compromised consumer and enterprise networking equipment, with particular focus on Cisco, Linksys, and Araknis router models. The Shadowserver Foundation, a prominent threat intelligence organization, has reported observing unusual scanning patterns that suggest widespread compromise of these networking devices. Security analysts are tracking…
-
Ballooning PolarEdge Botnet a Suspected Cyberespionage Op
PolarNet Has Hallmarks of an Operational Relay Box. Nearly 40,000 enterprise-grade devices and consumer-class routers, IP cameras and more are infected with malware researchers codenamed PolarEdge, controlled by a botnet of the same name, which experts suspect is designed to hide traffic tied to cyberespionage operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ballooning-polaredge-botnet-suspected-cyberespionage-op-a-29246