Friday , July 10 2026

Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security DataCritical Vulnerability in Hikvision Storage Solutions Exposes Video Security Dataz

Video surveillance giant Hikvision this week informed customers that it has patched a critical vulnerability affecting its Hybrid SAN and cluster storage products.

The vulnerability, tracked as CVE-2023-28808, has been described by the vendor as an access control issue that can be exploited to obtain administrator permissions by sending specially crafted messages to the targeted device.

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

Thousands of MCP Servers Exposed to File Access and Injection Attacks

Thousands of Model Context Protocol (MCP) servers have serious security flaws like file access issues, command injection, server-side request forgery...
Read More
Thousands of MCP Servers Exposed to File Access and Injection Attacks

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to the device's web interface. An...
Read More
CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Daily Cyber security update for 6. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 6. 07. 2026

“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

A new Linux flaw called “Bad Epoll” (CVE-2026-46242) lets regular users get root access on Linux servers, desktops, and Android...
Read More
“Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers, Android Devices

An AI performed a cyber attack without any human help for the first time

Security experts found what they think is the first time an AI carried out a cyber attack all by itself....
Read More
An AI performed a cyber attack without any human help for the first time

The impacted products are used by organizations to store video security data, and an attacker exploiting the vulnerability could gain access to that data.

In a notification sent by Hikvision to partners — a copy was also shared with SecurityWeek — the company said it’s not aware of in-the-wild exploitation.

“While Hikvision is not aware of this vulnerability being exploited in the field, we recognize that some of our partners may have installed Hikvision equipment that is affected by this vulnerability and we strongly encourage them to work with their customers to install the patch and ensure proper cyber hygiene,” the company told partners.

Hikvision noted in its advisory that an attacker needs to have network access to the targeted device in order to exploit CVE-2023-28808.

However, Arko Dhar, the CTO of Redinent, the India-based CCTV and IoT cybersecurity company credited for finding the vulnerability, told SecurityWeek that many impacted systems are exposed to the internet and remote exploitation is possible.

“The Hybrid SAN storage is primarily meant to store CCTV video recordings. But it can also be configured to store business data as well. The impact is very wide – an attacker can delete video recordings and business data at the same time, delete backups and cause significant impact to the business,” Dhar warned.

Redinent’s researchers discovered the vulnerability in late December 2022 and the flaw was reported to the vendor through CERT India in January.

Hikvision announced on April 10 that patches are included in version 2.3.8-8 for Hybrid SAN and version 1.1.4 for cluster storage devices. The vendor has provided detailed instructions for installing the updates.

Related: Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

Related: Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking

Related: QNAP Patches Critical Vulnerability in Network Surveillance Products

Check Also

CLI

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s …