Security Boulevard

MARCH 24, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). These threat actors go to lengths to bury the actual commands used in malicious.LNK files which download malware onto the machine.

Surveillance 75

Surveillance Telecommunications Data breaches Spyware 75

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware 98

Firmware VPN Risk Cybersecurity 98

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN 109

VPN Authentication Passwords Software 109

Malwarebytes

AUGUST 23, 2022

The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. If you are in doubt whether you are using a vulnerable product, there is a list of the vulnerable firmware versions in the researchers' post. The critical bug received a 9.8

Firmware 97

Firmware Internet Internet VPN 97

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS 98

DDOS Firmware Firewall VPN 98

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A that was downloaded from the Auerswald support website. “Firmware Update 8.2B Instead, use the Auerswald Remote Access or VPN to access remote ICT systems via the Internet.” Pierluigi Paganini.

Firmware 114

Firmware Manufacturing Passwords Penetration Testing 114

Malwarebytes

APRIL 4, 2022

Affected series Affected firmware version Patch availability USG/ZyWALL ZLD V4.20 Patch 1 VPN ZLD V4.30 Owners of the other affected products can search for their updated firmware by model number on the Zyxel support download page. through ZLD V4.70 USG FLEX ZLD V4.50 through ZLD V5.20 Patch 1 ATP ZLD V4.32 through V1.33

Firewall 96

Firewall Firmware Authentication VPN 96

Security Affairs

APRIL 25, 2019

. “An open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.” This malicious website could potentially run or download arbitrary malware on the user’s machine.

Firmware 102

Firmware Social Engineering Advertising Malware 102

Security Boulevard

FEBRUARY 17, 2025

Privacy Services Mullvad has partnered with Obscura VPN Mullvad Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN. The Cupid Vault Configuration follows a similar approach. Magecart Attackers Abuse.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Zero Day

JUNE 20, 2025

How it works When you set up a Wyze camera , your user ID will be digitally stamped onto the camera's firmware. It will be rolled out through an update, so if your Wyze app and camera firmware stay up to date, you'll receive the feature. The camera then digitally stamps that same ID onto every photo, video, and livestream.

52

52

Security Affairs

JULY 8, 2022

For this: 1) Download and install Telegram Messenger [link]. ……… “ The vendor recommends not exposing the SMB service to the internet and using VPN to access the NAS and reduce the attack surface. Go to Control Panel > System > Firmware Update. The cost of decryption is 15000 USD.

Ransomware 110

Ransomware Encryption Passwords Internet 110

eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. xml through the download portal. The problem: Technology company Bosch has a thermostat, the BCC100, that’s vulnerable to firmware replacement from a threat actor. Versions 9.x 20240107.1.xml

Firewall 109

Firewall Firmware IoT Authentication 109

Malwarebytes

MARCH 17, 2021

Before downloading and detonating the ransomware payload, threat actors behind this ransomware were also found to conduct network reconnaissance using open-source tools like Advanced Port Scanner and Advanced IP Scanner. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released.

Education 112

Education Ransomware Phishing Passwords 112

SecureWorld News

OCTOBER 8, 2023

Make it a habit to reboot devices often, ensuring that downloaded updates are activated. Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. Opt for strong, hard-to-crack passwords.

Firmware 111

Firmware IoT Accountability Passwords 111

Adam Levin

FEBRUARY 10, 2020

And be judicious about any app you might download to your mobile device. When your phone or computer alerts you to an available software or firmware update, pay attention and do what you’re asked to do immediately (as opposed to clicking “Remind me later”) because many of these patches are security-related.

Passwords 245

Passwords Phishing Password Management Accountability 245

Approachable Cyber Threats

JANUARY 17, 2023

A publicly available network may not always have the latest firmware, patch updates on its hardware, or have proper encryption enabled; therefore, if you connect to the network you may be exposing yourself to potential risks. Most likely, it is free and faster than using the data from our phone plan. What are the potential risks?”

Encryption 98

Encryption Internet Internet Risk 98

eSecurity Planet

MAY 28, 2021

Using legitimate file-sharing tools like RClone and MegaCmdServer to mask activity, malicious actors can go undetected while downloading your network’s data. From BIOS and firmware to UEFI code, VBOS is an attack vector that requires more attention. Current Target: VBOS.

Software 119

Software DNS Firmware VPN 119

Security Affairs

AUGUST 4, 2022

All the affected models have a patched firmware available for download on the vendor’s website.” . “The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources.

Hacking 100

Hacking Internet Internet Passwords 100

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The fix: Users need to download the new public commit signing key from GitHub. The authenticated user must also be logged into an account on an instance of GHES.

Authentication 113

Authentication Malware VPN Mobile 113

Malwarebytes

MAY 28, 2021

Recipients are encouraged to click this link, which actually contains code that allows for the download and execution of either Bazar , a backdoor, or IcedID (aka BokBot), a Trojan. We’ve downloaded your data and are ready to publish it on out [sic] news website if you do not respond. Consider installing and using a VPN.

Healthcare 132

Healthcare Ransomware Encryption Passwords 132

Zero Day

JUNE 11, 2025

This security feature has been available on PCs that use Unified Extensible Firmware Interface (UEFI) firmware as a more modern replacement for the older BIOS firmware. In Windows 10 or 11, head to Settings, select Windows Update, and then download the latest updates. After rebooting, your PC will be protected.

Malware 80

Malware Password Management Small Business Artificial Intelligence 80

Security Affairs

JULY 31, 2019

The attacker could then download the database and disclose login information, then use it to gain full access to the system. “To update to the latest firmware, each user should select the “Check for Upgrade” option in the “Centrals” menu in the GUI. Also recognize that VPN is only as secure as the connected devices.”

Backups 92

Backups Authentication Advertising Firmware 92

Malwarebytes

JUNE 26, 2023

Once the attackers have broken into their target system, a patched version of OpenSHH, a remote login tool , is downloaded from a remote server. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches. When possible, update OpenSSH to the latest version.

IoT 96

IoT Adware Firmware DDOS 96

Kali Linux

FEBRUARY 27, 2024

If you want to see the new theme for yourself and maybe try out one of those new mirrors, download a new image or upgrade if you have an existing Kali Linux installation. Now, users can effortlessly copy their VPN IP address to the clipboard with just a click , simplifying the workflow and enhancing productivity for our users.

Software 144

Software Firmware VPN Internet 144

Malwarebytes

SEPTEMBER 21, 2021

If connecting to a public Wi-Fi can’t be avoided, advise them to use a virtual public network (VPN). And when accidents like this happen to your kids, its good to have an AV installed to stop malicious code from downloading or running before it could wreak havoc on your device. Update your child’s device’s firmware.

Internet 133

Internet Internet Passwords Password Management 133

CyberSecurity Insiders

NOVEMBER 1, 2022

Back then, endpoint security focused on computers, which meant the installation of antivirus, malware protection, firewall, and (sometimes) VPN in every computer. These ignored, forgotten, and un-updated (OS/firmware) connected devices can become vulnerabilities exploited by cybercriminals to gain access to networks and cloud resources.

IoT 120

IoT Antivirus Threat Detection Cyber threats 120

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking 117

Banking Malware Computers and Electronics Mobile 117

NopSec

JANUARY 30, 2019

A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Affected Products According to Cisco Security Advisories: CVE-2019-1653 (information disclosure vulnerability) affects Cisco Small Business RV320 and RV325 WAN VPN Routers running firmware releases 1.4.2.15

Small Business 40

Small Business Firmware VPN Authentication 40

Security Affairs

OCTOBER 13, 2020

It can be prevented through the use of an online VPN. Even if a local network is completely secured and all IoT devices on it have firmware and software updated to the last version, a shadow IoT device can wreak havoc. Once connected to the network, a rogue IoT device can download and send or manipulate the data.

IoT 143

IoT Cybersecurity Manufacturing Internet 143

Thales Cloud Protection & Licensing

APRIL 20, 2021

Even fewer (19%) told Proofpoint that they had updated their Wi-Fi router’s firmware. Meanwhile, Verizon found in its MSI 2021 that less than half (47%) of respondents with a VPN installed on their devices activated it. A fifth of survey participants said that they never use it or activated it only when there was no other option.

Mobile 71

Mobile Architecture Data breaches Authentication 71

SecureList

SEPTEMBER 21, 2023

DDoS ads distributed by month, H1 2023 ( download ) The price of a service like that is driven by numerous factors that determine attack complexity, such as DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side. They can be made to serve as routers (proxies or VPN servers) to anonymize illicit traffic.

IoT 137

IoT DDOS Passwords Malware 137

Zero Day

JUNE 6, 2025

If you are able to download and install the accompanying Epos app, you'll be able to make a few adjustments, but overall, the app is on the slim side, and I wouldn't call it a necessity.

Password Management 87

Password Management Software Artificial Intelligence Passwords 87

Pen Test Partners

MAY 26, 2025

Our investigation revealed spyware with call-forwarding and banking credential capture, likely installed via custom firmware on the device. We traced the entry to an outdated Ivanti VPN, correlated DNS to malware domains (like iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com), and observed 7zip activity linked to data staging.

Banking 64

Banking VPN Ransomware Scams 64

eSecurity Planet

MAY 20, 2024

The fix: Download your currently running version to version v0.2.72 It’s also possible that your VPN app will automatically disable the VPN once your device connects to a supposedly trusted Wi-Fi network, according to the researchers at Top10VPN. This vulnerability affects natural language processing applications.

VPN 62

VPN Firmware Malware Software 62

Zero Day

JUNE 16, 2025

Update your car's multimedia unit firmware What is firmware? All modern devices require manufacturer firmware updates to keep them running smoothly. Namely, it provides a more stable connection, higher audio fidelity, and reduced potential for interference. Show more 3. Your vehicle's multimedia unit is no exception.

Wireless 45

Wireless Password Management Energy and Utilities Small Business 45

eSecurity Planet

MARCH 22, 2023

Virtual Private Network (VPN) : For remote access, remote desktop protocol (RDP) no longer can be considered safe. Instead, organizations should use a virtual private network (VPN) solution. Onsite appliances can be expensive and difficult to deploy and maintain for the smallest organizations.

Firewall 109

Firewall Network Security Penetration Testing Encryption 109

eSecurity Planet

APRIL 30, 2024

Set Secure Firewall Rules & ACLs To prevent unwanted access and ensure effective traffic management, secure your firewall through updating firmware to resolve vulnerabilities and adopting proper configurations prior to installing firewalls in production. Check out our guide on firewall policy steps and download our free template.

Firewall 62

Firewall Architecture Firmware Risk 62