Pierluigi Paganini
August 04, 2025
Lovense fixed bugs exposing emails and allowing account takeovers. Company CEO may take legal action after the flaws were publicly disclosed. Lovense, a manufacturer of internet-connected sex toys, fixed two vulnerabilities that exposed users’ emails and allowed remote account takeovers. A researcher known as BobDaHacker recently disclosed the flaws after Lovense claimed it would take […]
Pierluigi Paganini
July 31, 2025
Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap. Bitdefender cybersecurity experts discovered serious vulnerabilities in Dahua smart cameras that could have allowed hackers to take full control of the devices remotely. Fortunately, the vulnerabilities have been patched, but users are urged to update […]
Pierluigi Paganini
July 25, 2025
Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access. US Cybersecurity and Infrastructure Security Agency warns that hundreds of LG LNV5110R cameras are impacted by an unpatched authentication bypass vulnerability. The flaw, tracked as CVE-2025-7742 (CVSS score of 8.3), can allow attackers to gain admin […]
Pierluigi Paganini
July 15, 2025
A 20-year-old flaw in End-of-Train and Head-of-Train systems could let hackers trigger emergency braking, finally getting proper attention. US CISA has warned about a critical flaw, tracked as CVE-2025-1727, in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems. An End-of-Train (EoT) device, also known as a Flashing Rear End Device (FRED), is […]
Pierluigi Paganini
June 17, 2025
GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed […]
Pierluigi Paganini
June 12, 2025
Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, making them easy targets for spying, […]
Pierluigi Paganini
June 10, 2025
Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multiple Mirai botnets exploit the critical remote code execution vulnerability CVE-2025-24016 (CVSS score of 9.9) affecting Wazuh servers. Wazuh is an open-source security platform used for threat detection, intrusion detection, log data analysis, and compliance […]
Pierluigi Paganini
June 09, 2025
A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in […]
Pierluigi Paganini
June 09, 2025
BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made […]
Pierluigi Paganini
May 28, 2025
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its […]
