Oracle’s October 2025 Critical Patch Update fixes 374 vulnerabilities in multiple products, making it one of the largest patches recently, covering databases, middleware, enterprise applications, and communication systems. As always, Oracle recommends that customers apply patches without delay, as many of the fixed vulnerabilities can be exploited remotely, even without …
Read More »Hackers Exploited 34 Zero-Day Vulns In Pwn2Own Ireland 2025
During the first day of the Pwn2Own Ireland 2025 hacking contest by Trend Micro’s Zero Day Initiative, participants earned $522,500 for their exploits. 34 new vulnerabilities have been used to hack printers, NAS devices, routers, and smart home products. The top prize of $100,000 was given in the ‘SOHO Smashup’ …
Read More »
(CVE-2025-6542, CVSS 9.3)
User Alert: TP-Link warns of critical command injection flaw in Omada gateways
TP-Link Systems has released a firmware update that fixes four serious vulnerabilities in its Omada gateway series, like ER605, ER7206, and ER8411, commonly used in businesses. These flaws—CVE-2025-6541, CVE-2025-6542, CVE-2025-7850, and CVE-2025-7851—can let attackers run arbitrary commands on the devices, sometimes without needing authentication. According to TP-Link’s advisory, “An arbitrary …
Read More »CISA Adds Oracle, Apple and Microsoft Vulns to KEV Catalog
CISA has added five new CVEs to its Known Exploited Vulnerabilities catalog, including issues from Microsoft, Apple, and Oracle. The vulnerabilities flagged by CISA include: CVE-2022-48503 is a critical vulnerability (8.8 severity) in several Apple products that allows for arbitrary code execution via web content. Apple fixed it with better …
Read More »71,000+ WatchGuard security devices vulnerable to critical RCE
About 76,000 WatchGuard Firebox security devices are publicly exposed and vulnerable to a serious issue (CVE-2025-9242) that could let remote attackers execute code without authentication. Firebox devices serve as a central hub to manage traffic between internal and external networks, offering protection with policy management, security services, VPN, and real-time …
Read More »Volkswagen Allegedly Hit by Ransomware Attack
Volkswagen Group has responded to claims from the ransomware group 8Base, which says it has stolen and leaked sensitive data from the company. The German carmaker maintains that its core IT infrastructure remains unaffected; however, the company’s vague response leaves questions about the full scope of the incident and raises …
Read More »Oracle released emergency patch for new E-Business Suite flaw
Oracle released an emergency security update over the weekend to fix a new vulnerability in E-Business Suite (EBS) that could allow remote access by unauthorized attackers. CVE-2025-61884 is an information disclosure vulnerability in the Runtime UI component, impacting EBS versions 12.2.3 to 12.2.14. It could enable unauthorized attackers to remotely …
Read More »
CVE-2023-28760
TP-Link Router Flaw Allows Root RCE via LAN, PoC Available
Rocco Calvi, a security researcher, discovered a serious flaw in the TP-Link AX1800 WiFi 6 Router (Archer AX21/AX20) that enables local network attackers to execute code remotely as the root user. CVE-2023-28760 is a high-severity vulnerability (CVSS 7.5) in the MiniDLNA service of the router’s media-sharing feature. As described in …
Read More »Credit Card Payment Terminal Exploited for Remote Access
A security researcher has unveiled a major vulnerability in a popular payment terminal that could allow attackers to take full control of the device in less than a minute. The Worldline Yomani XR model is used in grocery stores, cafes, repair shops, and various businesses in Switzerland. The terminal’s maintenance …
Read More »New Android spyware ClayRat mimics WhatsApp, TikTok, YouTube
Zimperium’s zLabs has discovered a fast-spreading Android spyware called ClayRat, which targets users by posing as trusted apps like WhatsApp, Google Photos, TikTok, and YouTube. Attackers use social engineering to install malware by creating fake websites that resemble official pages. For instance, a fake GdeDPS site was used in one …
Read More »
InfoSecBulletin Cybersecurity for mankind