Taiwan’s ASUS has announced the release of significant firmware updates aimed at resolving nine identified security vulnerabilities affecting a spectrum of its router models. This announcement, made on Monday, underscores the scale of the potential impact, as the flaws span across popular devices within their product line. Among the identified…
Zyxel Networks has issued security updates to mitigate a critical vulnerability affecting its line of network-attached storage (NAS) devices. This flaw poses a significant security risk, allowing unauthorized users to execute arbitrary commands on the compromised systems. The vulnerability, identified as CVE-2023-27992 with a CVSS score of 9.8, is classified…
Security Flaws Discovered in Wago and Schneider Electric Operational Technology Products Recent findings have revealed three significant security vulnerabilities affecting operational technology (OT) products developed by Wago and Schneider Electric. According to reports from Forescout, these vulnerabilities are part of a more extensive collection of issues known collectively as OT:ICEFALL,…
VMware has announced that a critical command injection vulnerability, designated as CVE-2023-20887, in Aria Operations for Networks (formerly known as vRealize Network Insight), is currently being exploited in the wild. This breach allows attackers with network access to perform command injection attacks, potentially leading to remote code execution. The vulnerability…
A newly identified malware strain, known as Condi, is leveraging a vulnerability found in TP-Link Archer AX21 (AX1800) Wi-Fi routers to integrate these devices into a distributed denial-of-service (DDoS) botnet. This campaign, according to Fortinet’s FortiGuard Labs, has intensified since late May 2023, marking a significant escalation in cyber threats…
On Wednesday, Apple announced a comprehensive series of updates for its iOS, iPadOS, macOS, watchOS, and Safari browser, addressing vulnerabilities that were stated to be actively exploited in the wild. Among these updates are two critical zero-day flaws involved in a mobile surveillance effort dubbed Operation Triangulation, which has been…
A significant security vulnerability has been uncovered in the “Abandoned Cart Lite for WooCommerce” plugin, which is actively utilized on over 30,000 websites. This critical flaw enables potential attackers to access the accounts of users who have left items in their shopping carts. This includes not only standard customers but…
Fortinet has issued critical updates to mitigate a severe security vulnerability in its FortiNAC network access control solution that poses a significant risk of arbitrary code execution. This flaw, identified as CVE-2023-33299, has been assigned a severity score of 9.6 on the CVSS scale, categorizing it as highly critical. The…
A significant security vulnerability has been identified in the miniOrange Social Login and Register plugin for WordPress, potentially allowing malicious parties to gain unauthorized access to user accounts based on pre-known email addresses. This vulnerability, documented as CVE-2023-2982 and assigned an alarmingly high CVSS score of 9.8, impacts all iterations…
