Published on: 2025-04-20 03:05:23
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. "An improper authentication control vulnerability exists in certain ASUS router firmware series," r
Keywords: asus firmware series users vulnerability
Find related items on AmazonPublished on: 2025-04-21 15:34:57
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany and given a maximum severity score of 10.0. All devices running the Erlang/OTP SSH daemon are impacted by the vulnerability and are advised to upgrade to versions 25.3.2.10 and 26.2.4 to fix th
Keywords: daemon erlang flaw ssh vulnerability
Find related items on AmazonPublished on: 2025-04-23 09:54:30
On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks. "Improper neutralization of special e
Keywords: attacks exploited sma sonicwall vulnerability
Find related items on AmazonPublished on: 2025-04-24 07:34:39
fotograzia/Getty Images Over the weekend, security experts were beginning to panic. MITRE announced that the US government had not renewed funding for the Common Vulnerabilities and Exposures (CVE) database. MITRE VP Yosry Barsoum warned that the government contract support enabling MITRE "to develop, operate, and modernize CVE" would expire on April 16. That would mean, Barsoum continued, "multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, too
Keywords: cve data mitre security vulnerability
Find related items on AmazonPublished on: 2025-04-25 20:16:12
MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. CVE, the most critical of the two, is maintained by MITRE with funding from the U.S. National Cyber Security Division of the U.S. Department of Homeland Security (DHS). CVE is crucial for providing accuracy, clarity, and shared
Keywords: cve mitre national security vulnerability
Find related items on AmazonPublished on: 2025-05-11 10:14:28
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. The security issue is tracked as CVE-2025-31334 and affects all WinRAR versions except the most recent release, which is currently 7.11. Mark of the Web is a security function in Windows in the form of a metadata value (an alternate data stream named ‘zone-identifier’) to tag as potentially unsafe files downloaded from th
Keywords: executable motw security vulnerability winrar
Find related items on AmazonPublished on: 2025-05-17 15:20:00
The fediverse, also known as the open social web that includes Mastodon, Meta’s Threads, Pixelfed, and other apps, is ramping up its security. On Wednesday, a nonprofit focused on bringing governance to open source projects, the Nivenly Foundation, announced the launch of a new security fund that will pay those who responsibly disclose security vulnerabilities that affect fediverse apps and services. While all software can have security issues, Mastodon — an open source and decentralized altern
Keywords: fediverse issue security vulnerabilities vulnerability
Find related items on AmazonPublished on: 2025-05-17 23:19:06
Cisco has warned admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. CSLU is a Windows app for managing licenses and linked products on-premises without connecting them to Cisco's cloud-based Smart Software Manager solution. Cisco patched this security flaw (CVE-2024-20439) in September, describing it as "an undocumented static user credential for an administrative account" that lets unauthenticated
Keywords: 2024 cisco cslu cve vulnerability
Find related items on AmazonPublished on: 2025-05-30 06:11:04
CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers if they are exposed on the Internet over HTTP(S). "Please take immediate action to patch ASAP. A vulnerability has been addressed today (March 21st, 2025). All CrushFTP v11 versio
Keywords: company crushftp cve patch vulnerability
Find related items on AmazonPublished on: 2025-05-30 17:51:32
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed 'MSC EvilTwin' and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices. Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned be
Keywords: attacks encrypthub files msc vulnerability
Find related items on AmazonPublished on: 2025-05-30 22:51:32
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed 'MSC EvilTwin' and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices. Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned be
Keywords: attacks encrypthub files msc vulnerability
Find related items on AmazonPublished on: 2025-06-05 18:13:01
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of Backup & Replication v11.0.0.88174 in November, almost two months
Keywords: attacks exploited nakivo security vulnerability
Find related items on AmazonPublished on: 2025-06-06 22:58:55
Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a popular security add-on used in over 200,000 WordPress sites that claims to stop 140,000 hacker attacks and over 9 million brute-forcing attempts every month. It also offers protection against SQL injection, script injection, vulnerability exploitation, malware dropping, file inclusion exploits, directory trav
Keywords: flaw ghost patchstack vulnerability wp
Find related items on AmazonPublished on: 2025-06-15 14:44:44
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company's carrier-grade, Network Convergence System (NCS), and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This high-severity flaw (tracked as CVE-2025-20115) was found in the confederation implementation for the Border Gateway Protocol (BGP), and
Keywords: 24 bgp cisco numbers vulnerability
Find related items on AmazonPublished on: 2025-06-20 14:30:54
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. Fixed in Windows security updates released during this month's Patch Tuesday, the security flaw is now tracked as CVE-2025-24983 and was reported to Microsoft by ESET researcher Filip Jurčacko. The vulnerability is caused by a use-after-free weakness that lets attackers with low privileges gain SYSTEM privileges without requiring us
Keywords: 2025 cve vulnerability windows zero
Find related items on AmazonPublished on: 2025-06-21 22:26:11
Apple on Tuesday patched a critical zero-day vulnerability in virtually all iPhones and iPad models it supports and said it may have been exploited in “an extremely sophisticated attack against specific targeted individuals” using older versions of iOS. The vulnerability, tracked as CVE-2025-24201, resides in Webkit, the browser engine driving Safari and all other browsers developed for iPhones and iPads. Devices affected include the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd
Keywords: generation ios ipad later vulnerability
Find related items on AmazonPublished on: 2025-06-22 10:45:15
Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. This Patch Tuesday also fixes three "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 23 Elevation of Privilege Vulnerabilities 3 Security Feature Bypass Vulnerabilities 23 Remote Code Execution Vulnerabilities 4 Information Disclosure Vulnerabilities 1
Keywords: code exploited flaw microsoft vulnerability
Find related items on AmazonPublished on: 2025-07-04 08:40:08
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. Webex for BroadWorks integrates Cisco Webex's video conferencing and collaboration features with the BroadWorks unified communications platform. While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed a configuration change to address the flaw and advised customers to res
Keywords: broadworks cisco credentials vulnerability webex
Find related items on AmazonPublished on: 2025-07-10 05:41:00
Belgium is investigating an alleged data breach of its state security service (VSSE) by Chinese government hackers. In a statement sent to TechCrunch on Friday, the Belgian federal prosecutor’s office said an investigation into a cyberattack was opened in November 2023 after it learned about the alleged breach. This confirms an earlier report by the French-language Belgian newspaper Le Soir, which reported that a Chinese hacking group gained access to the external mail server of the intelligen
Keywords: 2023 barracuda exploited vsse vulnerability
Find related items on AmazonPublished on: 2025-07-12 03:34:14
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it has addressed the risk at the service level and notified impacted customers accordingly, enclosing instruct
Keywords: microsoft notified pages power vulnerability
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.