Friday , July 10 2026

Vulnerabilities

India-based CCTV cameras flaw allow attacker stealing video feeds, credentials

CCTV

A severe security flaw has been revealed in various CCTV camera brands in India. This vulnerability enables attackers to access video feeds and steal login information without needing to authenticate. CISA issued an alert on December 9, 2025, with code ICSA-25-343-03. Identifying threats from D-Link India Limited, Sparsh Securitech, and …

Read More »

SAP fixes 3 critical vulns across multiple products

3

SAP’s December security updates have fixed 14 vulnerabilities in various products, including 3 critical ones. CVE-2025-42880, a code injection flaw with a CVSS score of 9.9, is the most critical issue affecting SAP Solution Manager ST 720. “Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to …

Read More »

FortiOS, FortiWeb, and FortiProxy Vuln Allow Bad Actors Bypass FortiCloud SSO Flaw

FortiProxy

Fortinet released security updates for critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could let attackers bypass FortiCloud SSO authentication. Threat actors can exploit the security flaws CVE-2025-59718 and CVE-2025-59719 by taking advantage of weaknesses in cryptographic signature verification in affected products using a malicious SAML message. Fortinet stated …

Read More »

Microsoft patched 3 zero days with 56 vulns in December 2025 Patch Tuesday

56

Microsoft’s last Patch Tuesday updates of 2025 on December fixed 56 vulnerabilities in Windows, Office, Exchange Server, and more. This update addresses 3 serious security issues: two remote code execution problems that have been made public and one vulnerability that allows attackers to gain elevated permissions. Several critical issues are …

Read More »

1,20,000 IP cameras hacked; Home video sold for porn site: Suspect arrested

120,000 IP cameras

The Korean National Police arrested suspected four people for hacking over 120,000 IP cameras and selling the footage to a foreign adult website. Police are acting against the operators of the illegal content despite not revealing the suspects or websites, through international cooperation. “The National Office of Investigation announced that …

Read More »

Google Patches 107 Android Flaws, Including 0 days

Android

On Monday, Google released its monthly security updates for Android, addressing two vulnerabilities that have been exploited in the wild. The patch fixes 107 security issues across various components, including Framework, System, Kernel, and those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. The two high-severity shortcomings that have been …

Read More »

Tenda N300 Vulns Let Attacker to Execute Arbitrary Commands

Tenda

CERT/CC has warned of unpatched command injection vulnerabilities in Tenda’s 4G03 Pro and N300 routers. These flaws allow attackers to execute root commands, and there are no fixes from the vendor, putting users at risk. According to the advisory, “A command injection vulnerability exists across multiple firmware versions that allows …

Read More »

WhatsApp API flaw let researchers scrape millions of Bangladeshi accounts

API

Researchers gathered 3.5 billion WhatsApp phone numbers and personal information by abusing a contact-discovery API without proper rate limiting. This study shows a common tactic used by threat actors to collect user information from unprotected public APIs, even though the researchers haven’t shared the data. Abusing WhatsApp API: The researchers …

Read More »

CISA warns of active exploitation of Oracle Identity Manager RCE flaw

Oracle Identity Manager

CISA warns government agencies to patch Oracle Identity Manager (CVE-2025-61757) due to potential zero-day exploitation. CVE-2025-61757 is a pre-authentication remote code execution vulnerability in Oracle Identity Manager, found by Searchlight Cyber analysts Adam Kues and Shubham Shahflaw. The flaw stems from an authentication bypass in Oracle Identity Manager’s REST APIs, …

Read More »

CERT-In Alerts: Asus Router Flaw Endangers Millions in India

CERT-In

CERT-In warns that many homes, small offices, and service providers in India are at risk from a critical authentication flaw, CVE-2025-59367, found in popular Asus DSL-series WiFi routers. The national cybersecurity agency has issued a security alert regarding this vulnerability. The CERT-In Vulnerability Note CIVN-2025-0322 warns that remote attackers can …

Read More »