Network Security

NEWS 
  • Cloudflare outage impacts thousands, disrupts transit systems, ChatGPT, X and more

    November 18, 2025

    A widely used Internet infrastructure company said that it has resolved an issue that led to outages impacting users of everything from ChatGPT and the online game, “League of Legends,” to the New Jersey Transit system early Tuesday. Around 10 a.m. ET, Cloudflare said it was “continuing to monitor for errors to ensure all services are ...

  • Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products

    November 14, 2025

    CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated ...

  • CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

    November 12, 2025

    CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target ...

  • Hidden debug code returns from the dead as TP-Link routers face a wave of new critical root access flaws

    October 23, 2025

    Two newly disclosed flaws in TP-Link’s Omada and Festa VPN routers have exposed deep-seated weaknesses in the company’s firmware security. The vulnerabilities, tracked as CVE-2025-7850 and CVE-2025-7851, were identified by researchers from Forescout’s Vedere Labs. These vulnerabilities were described as part of a recurring pattern of incomplete patching and residual debug code. Read more… Source: TechPro News Sign up ...

  • China accuses US of cyber breaches at national time centre

    October 20, 2025

    China has accused the U.S. of stealing secrets and infiltrating the country’s national time centre, warning that serious breaches could have disrupted communication networks, financial systems, the power supply and the international standard time. The U.S. National Security Agency has been carrying out a cyberattack operation on the National Time Service Center over an extended period ...

  • Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

    October 15, 2025

    TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...

  • SonicWall confirms all of its cloud backup customers were affected by data breach

    October 10, 2025

    All companies using SonicWall’s MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted. After initially claiming “fewer than 5%” of its customer base was affected, the company has revealed the true scale of the incident. In mid-September 2025, SonicWall warned its firewall customers to reset their ...

  • RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

    October 9, 2025

    The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure. This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV ...

  • TOTOLINK X6000R: Three New Vulnerabilities Uncovered

    October 1, 2025

    Palo Alto security researchers have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025: TOTOLINK is a manufacturer of networking products, including routers and other Internet of Things (IoT) devices used by consumers worldwide. The widespread adoption of these products makes their security a critical area of ...

  • CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices

    September 25, 2025

    Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies ...