Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws could let attackers gain unauthorized access and escalate their privileges on the devices. On April 22, 2025, a security advisory was released outlining patches for CVE-2025-1731 and CVE-2025-1732, affecting various …
Read More »TP-Link Router Vulns Allow to Execute Malicious SQL Commands
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces. Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials. TP-Link Router Vulnerabilities: CVE-2025-29648: TP-Link EAP120 …
Read More »Samsung phone is saving your passwords in plain text
You copy a password from your manager, thinking it’s safe. Meanwhile, your phone is saving it in plain text. Samsung says, so far, there is no solution. Imagine you just copied a password or banking logins from a password manager. Then you think, “Wait, does this go away after I …
Read More »GitHub Enterprise Server Vulns Expose Risk of Code Execution
GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow code execution by attackers. Organizations are urged to apply these patches quickly to ensure system protection. High-Risk Code Execution Vulnerability: A vulnerability (CVE-2025-3509) in the pre-receive hook feature of GitHub …
Read More »
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10, has prompted the company to advise users to update the firmware of Asus routers that use AiCloud. Asus AiCloud is a cloud storage and remote access service for ASUS routers, …
Read More »16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …
Read More »Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run code without authentication under specific conditions. The vulnerability CVE-2025-32433 has a maximum CVSS score of 10.0. “The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute …
Read More »CISA warns of increasing risk tied to Oracle legacy Cloud leak
On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the serious threat to enterprise networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the risks of using embedded or reused credentials.. The agency noted that while …
Read More »
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE) via malicious meeting invite links. The flaw, known as CVE-2025-20236, has a CVSS score of 8.8 and affects several versions of the Cisco Webex desktop application. “A vulnerability in the …
Read More »Apple released emergency security updates for 2 zero-day vulns
On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly sophisticated attacks targeting a few iOS users. The vulnerabilities CVE-2025-31200 and CVE-2025-31201 allow for code execution and bypass mitigation on Apple’s iOS, iPadOS, and macOS platforms. Apple acknowledged a report …
Read More »
InfoSecBulletin Cybersecurity for mankind