GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to be part of a covert effort to create a network of backdoor devices, possibly aiming to establish a botnet in the future. The tactics in this campaign—sneaky initial access, using …
CVE-2023-39780
Bangladesh Bank instructed using AI to prevent online gambling
The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central bank has implemented strict measures to curb these activities. On Wednesday, May 28, the Payment Systems Department of Bangladesh Bank instructed all banks and financial institutions to enhance monitoring of …
Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges
A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative access, they could obtain sensitive authentication information, including SMTP and LDAP connections. Affected Products: imageRUNNER ADVANCE Series, imageRUNNER Series, imagePRESS V Series, imagePRESS Series, imageCLASS Series, i-sensys Series, Satera Series …
184 Million Leaked Credentials Discovered in Open Database
Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak ones, and enable multi-factor authentication. Although the database is not new, it shows the ongoing circulation of leaked data from major platforms like Apple, Google, Microsoft, Amazon, Facebook, Instagram, and …
Palo Alto Networks Warns of XSS Flaw: PoC Released
Palo Alto Networks warns of a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its PAN-OS software. The flaw allows malicious JavaScript to run in the browsers of authenticated Captive Portal users when they click specific links. Organizations using the Clientless VPN feature face a …
High-Severity Flaw Hits Atlassian Jira Data Center
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by enabling privilege escalation attacks, allowing attackers to gain elevated system privileges. This serious flaw has a CVSS score of 7.2, posing a significant risk to businesses using Atlassian’s project and …
Intel PC, laptop and server processors affected for 6 years: Report
A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data from the cache and RAM of other users on the same hardware. Recent research by computer scientists from the Computer Security Group (COMSEC) at the Department of Information Technology and …
CVSS 10.0 Flaw
Critical Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE
Siemens issued a security advisory (SSA-047424) for two serious vulnerabilities—CVE-2025-26389 and CVE-2025-26390—impacting the OZW672 and OZW772 web servers. These servers are commonly used for remote monitoring and controlling building systems like heating and air conditioning. Both vulnerabilities can be exploited without authentication, potentially compromising the entire system. “OZW672 and OZW772 …
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws. The updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to …
Microsoft Patches Four Critical Azure and Power Apps Vulns
Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power Apps. While these flaws haven’t been publicly disclosed or exploited, they highlight the need for proactive security measures in cloud-native development. CVE-2025-29813 (CVSS 10.0): Azure DevOps Pipeline Token Hijack: A …