Two newly disclosed flaws in TP-Link’s Omada and Festa VPN routers have exposed deep-seated weaknesses in the company’s firmware security.
The vulnerabilities, tracked as CVE-2025-7850 and CVE-2025-7851, were identified by researchers from Forescout’s Vedere Labs. These vulnerabilities were described as part of a recurring pattern of incomplete patching and residual debug code.
Read more…
Source: TechPro News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
April 24, 2026
A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name. Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the ...
- When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
April 22, 2026
Enterprises have long trusted Wi-Fi encryption and client isolation to secure their wireless infrastructure. However, Palo Alto conducted research presented at the NDSS Symposium 2026 that reveals that these safeguards can be breached by a novel set of attack techniques that they call AirSnitch. These techniques exploit subtle security issues in protocol-infrastructure interactions to undermine the ...
- Iran claims US used backdoors to knock out networking equipment during war
April 21, 2026
Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations. Reports from Iran claim hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran – despite the regime disconnecting the ...
- Cisco tells Webex users to patch critical security flaws immediately
April 17, 2026
Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop. Webex Services is a platform for communication and collaboration, letting people hold video meetings, ...
- Russian hacking group targets home and small office routers to spy on users
April 8, 2026
British security officials found that a group linked to the Russian military is spying on users of compromised Small Office/Home Office (SOHO) routers in a broad cyber espionage campaign. A Microsoft blog goes into the technical details of these attacks. The group, which researchers will refer to as APT28, but is also known under names like ...
- Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials
March 16, 2026
At the start of the year, cybercriminals were exploiting three vulnerabilities in FortiGate Next-Generation Firewalls (NGFW) to establish persistence and move laterally throughout the network. All recorded attacks were stopped before they could do any meaningful harm, and FortiGate has since issued patches to mitigate the risk. Between December 2025 and February 2026, security researchers SentinelOne ...