Pierluigi Paganini
March 25, 2026
TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, […]
Pierluigi Paganini
March 23, 2026
QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including four SD-WAN router issues (CVE-2025-62843 to CVE-2025-62846) demonstrated at the Pwn2Own Ireland 2025 by Team DDOS. The team chained multiple bugs in QNAP devices to gain root access and […]
Pierluigi Paganini
March 07, 2026
Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed […]
Pierluigi Paganini
February 19, 2026
CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging […]
Pierluigi Paganini
January 20, 2026
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass […]
Pierluigi Paganini
January 07, 2026
Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’), […]
Pierluigi Paganini
November 27, 2025
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, including a critical authentication bypass, tracked as CVE-2025-59366 (CVSS score of 9.2), affecting routers with AiCloud enabled. “Researchers have reported potential vulnerabilities in ASUS Router. ASUS has […]
Pierluigi Paganini
September 04, 2025
US offers $10M for Russian FSB officers Tyukov, Gavrilov & Akulov, accused of attacking US critical infrastructure and over 500 energy firms worldwide. The US Department of State is offering up to $10M for info on FSB officers Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov, accused of hacking US infrastructure and over […]
Pierluigi Paganini
September 04, 2025
Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring. Security researchers warn of three vulnerabilities impacting Hikvision HikCentral, which is a centralized management software used across many industries for video surveillance, access control, and integrated security operations. The three vulnerabilities are: One of them was […]
Pierluigi Paganini
August 21, 2025
FBI warns FSB-linked group Static Tundra is exploiting a 7-year-old Cisco IOS/IOS XE flaw to gain persistent access for cyber espionage. The FBI warns that Russia-linked threat actor Static Tundra exploits Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to target organizations in the […]
