Penetration Testing

JUNE 15, 2025

The flaws, tracked as CVE-2025-45984 through CVE-2025-45988, affect a wide range of firmware versions used in both consumer and enterprise-grade networking equipment. Shared Affected Codebase: Each flaw targets the same goahead binary and associated shared object, amplifying the impact across models and firmware versions.

Firmware 65

Firmware DNS Penetration Testing Malware 65

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, in its firewall devices.

Firmware 98

Firmware Firewall Authentication VPN 98

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company. What we predicted in 2022.

Firmware 129

Firmware Surveillance Mobile Telecommunications 129

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. through 6.2.13

Firewall 98

Firewall VPN Firmware Manufacturing 98

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60

Firmware 98

Firmware VPN Firewall Hacking 98

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT 137

IoT DDOS Passwords Malware 137

Malwarebytes

MAY 26, 2023

The CVEs patched in these updates are: CVE-2023-33009 : A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware 98

Firmware VPN Firewall Accountability 98

Security Affairs

FEBRUARY 6, 2024

“The Ministry of Defence (MOD) of the Netherlands was impacted in 2023 by an intrusion into one of its networks. The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” The effects were limited because of prior network segmentation” reads the report.

Malware 137

Malware Firmware VPN Backups 137

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware. ” ASUS added.

Firmware 98

Firmware VPN Wireless Passwords 98

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. through 4.73, VPN series firmware versions 4.60

Firewall 98

Firewall Firmware VPN DDOS 98

Security Affairs

JANUARY 14, 2024

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. through 5.35.

Firewall 137

Firewall Firmware Cyber Attacks VPN 137

Security Affairs

NOVEMBER 14, 2023

On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35.

Cyber Attacks 140

Cyber Attacks Firmware Firewall VPN 140

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware 98

Firmware VPN Risk Cybersecurity 98

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS 98

DDOS Firmware Firewall VPN 98

eSecurity Planet

SEPTEMBER 22, 2023

These one, three, and five year subscriptions provide enhanced support for the hardware, firmware maintenance, security updates, and optional participation in early-release firmware updates. Subscribe The post Barracuda SecureEdge SASE Review 2023 appeared first on eSecurity Planet. You can unsubscribe at any time.

Firewall 98

Firewall Marketing Firmware Technology 98

Zero Day

JUNE 20, 2025

How it works When you set up a Wyze camera , your user ID will be digitally stamped onto the camera's firmware. It will be rolled out through an update, so if your Wyze app and camera firmware stay up to date, you'll receive the feature. The camera then digitally stamps that same ID onto every photo, video, and livestream.

52

52

eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. The vulnerability can be tracked as CVE-2023-29357. The problem: Technology company Bosch has a thermostat, the BCC100, that’s vulnerable to firmware replacement from a threat actor. Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

Security Boulevard

FEBRUARY 17, 2025

Privacy Services Mullvad has partnered with Obscura VPN Mullvad Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN. The Cupid Vault Configuration follows a similar approach.

Surveillance 52

Surveillance Data breaches VPN Malware 52

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. CVE-2023-6548 is a remote code execution vulnerability for an authenticated user, and CVE-2023-6549 is a denial-of-service vulnerability. and later releases of 13.1

Authentication 113

Authentication Malware VPN Mobile 113

SecureList

JUNE 3, 2024

In late December, in a presentation at the 37th Chaos Communication Congress (37C3), experts from our Global Research and Analysis Team (GReAT) described the attack chain in detail , including – for the first time – how the attackers exploited the CVE-2023-38606 hardware vulnerability. You can read the full analysis here.

Banking 117

Banking Malware Computers and Electronics Mobile 117

Zero Day

JUNE 11, 2025

This security feature has been available on PCs that use Unified Extensible Firmware Interface (UEFI) firmware as a more modern replacement for the older BIOS firmware. The irony here is that Microsoft implemented Secure Boot on Windows PCs specifically to prevent malware from loading during the boot-up process.

Malware 80

Malware Password Management Small Business Artificial Intelligence 80

eSecurity Planet

MARCH 4, 2024

The fix: To eliminate malware infections, perform a factory reset, upgrade to the latest firmware, change all default usernames and passwords, and adjust firewall rules to block exposure to unwanted remote management services. The fix: Patch or isolated vulnerable Windows systems.

IoT 117

IoT Internet Internet Ransomware 117

Digital Shadows

JANUARY 14, 2025

Researchers reported that the median ransom payment rose from $199,000 in 2023 to $1,500,000 in 2024. Take Action To mitigate these threats, organizations should ensure SonicWall and other VPN products are fully patched and up to date. But it’s not just the money that’s driving this trend.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

Zero Day

JUNE 14, 2025

But every PC that was sold with Windows preinstalled after mid-2016 was required to have a TPM, so that's a simple matter of flipping a switch in the firmware menu.

Password Management 75

Password Management Small Business Software Artificial Intelligence 75

Zero Day

JUNE 14, 2025

Fortunately, I already had the Baseus app installed ( Android / iOS ), and the MC1s automatically connected and informed me there was a firmware upgrade. With the firmware updated and the earbuds connected to both phone and app, I went into the EQ section of the app and added my standard custom EQ curve.

Wireless 90

Wireless Banking Password Management Small Business 90

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Ransomware 121

Kali Linux

FEBRUARY 27, 2024

As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. Now, users can effortlessly copy their VPN IP address to the clipboard with just a click , simplifying the workflow and enhancing productivity for our users.

Software 144

Software Firmware VPN Internet 144

Zero Day

JUNE 6, 2025

  Also: Apple just gave me 3 big reasons to keep my AirPods for longer - and be excited for iOS 26 The dongle will also allow you to download firmware updates to the earbuds without installing anything on your computer, something plenty of people are prohibited from doing on work-issued devices.

Password Management 87

Password Management Software Artificial Intelligence Passwords 87

Zero Day

JUNE 16, 2025

Update your car's multimedia unit firmware What is firmware? All modern devices require manufacturer firmware updates to keep them running smoothly. Namely, it provides a more stable connection, higher audio fidelity, and reduced potential for interference. Show more 3. Your vehicle's multimedia unit is no exception.

Wireless 45

Wireless Password Management Energy and Utilities Small Business 45

eSecurity Planet

DECEMBER 7, 2023

Most organizations use one of the AES algorithms for file encryption, full-disk encryption, application encryption, wifi transmission encryption, virtual public network (VPN) encryption, and encrypted protocols such as transport layer security (TLS). It was updated by Chad Kime on December 7, 2023.

Encryption 109

Encryption Authentication Passwords Password Management 109

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. score of 9.8 out of 10.0,

VPN 113

VPN Authentication Firmware Phishing 113

Webroot

OCTOBER 31, 2024

Source: Coveware We’ve seen a drop-off from the highs last year – fueled by Cl0p ransomware group making over $100 Million in a few months in late 2023. Akira: The Healthcare Menace The Akira ransomware group was first observed in March 2023 and immediately became one of the most formidable threats in the threat landscape.

Malware 117

Malware Ransomware Passwords Healthcare 117

Krebs on Security

MAY 22, 2023

Chaput said that on May 4, 2023, someone unleashed a spam torrent targeting users on these Mastodon communities via “private mentions,” a kind of direct messaging on the platform. Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app.

Scams 310

Scams DDOS Cryptocurrency Accountability 310

SecureList

DECEMBER 14, 2022

It directly affected satellite modems firmwares , but was still to be understood as of mid-March. The latter confirmed that a threat actor got in through a remote-management network exploiting a poorly configured VPN, and ultimately delivered destructive payloads, affecting tens of thousands of KA-SAT modems. Key insights.

DDOS 145

DDOS Ransomware Government Energy and Utilities 145