Hidden debug code returns from the dead as TP-Link routers face a wave of new critical root access flaws

Two newly disclosed flaws in TP-Link’s Omada and Festa VPN routers have exposed deep-seated weaknesses in the company’s firmware security. The vulnerabilities, tracked as CVE-2025-7850 and CVE-2025-7851, were identified by researchers from Forescout’s Vedere Labs. These vulnerabilities were described as Read More …

Deep analysis of the flaw in BetterBank reward logic

From August 26 to 27, 2025, BetterBank, a decentralized finance (DeFi) protocol operating on the PulseChain network, fell victim to a sophisticated exploit involving liquidity manipulation and reward minting. The attack resulted in an initial loss of approximately $5 million Read More …

CISA warns high-severity Windows SMB flaw now exploited in attacks – update now

Microsoft has acknowledged older versions of Windows 10, Windows 11 and Windows Server could be exploited due to a vulnerability related to SMB. The vulnerability, tracked as CVE-2025-33073 with a score of 8.8, was added to America’s Cybersecurity and Infrastructure Read More …

Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems

Cybersecurity firm F5 Networks says government-backed hackers had “long-term, persistent access” to its network, which allowed them to steal the company’s source code and customer information. In a filing with the U.S. Securities and Exchange Commission on Wednesday, F5 said Read More …

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit Read More …

Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data

Harvard is investigating a data breach after a Russian-speaking cybercrime organization claimed it was preparing to release information stolen through a vulnerability in a software suite used by the University. Clop, an organization that extorts payments from companies to prevent Read More …

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure. This campaign consists of over 50 exploits, including unpatched router flaws across over Read More …

Security bug in India’s income tax portal exposed taxpayers’ sensitive data

The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities. The flaw, discovered in September by a pair of security Read More …

Oracle patches actively exploited zero-day vulnerability in E-Business Suite

Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group. This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The Read More …

US Air Force admits SharePoint privacy issue as reports trickle out of possible breach

The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue. A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on Read More …