A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world.
Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw.
Read more…
Source: TechCrunch
Related:
- Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
November 14, 2025
CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated ...
- CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities
November 12, 2025
CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target ...
- Patch Tuesday – November 2025
November 11, 2025
Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely ...
- LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
November 7, 2025
Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple ...
- Cisco Releases Security Updates for Unified CCX
November 6, 2025
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- Washington Post says it is among victims of cyber breach tied to Oracle software
November 6, 2025
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software. In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.” The paper did not provide further detail, but its statement comes after CL0P, the notorious ...