Billions of Devices at Risk of Hacking & Impersonation Due to Hidden Commands
Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.
Vulnerability
Laravel Framework Flaw Allows Attackers to Execute Malicious JavaScript
A significant vulnerability has been identified in the Laravel framework, specifically affecting versions between 11.9.0 and 11.35.1. The issue revolves around improper encoding of request parameters on the error page when the application is running in…
Critical Vulnerabilities in Moxa Switches Enable Unauthorized Access
A critical vulnerability identified as CVE-2024-12297 has been discovered in Moxa’s PT series of network switches, affecting multiple models across different product lines. This security flaw involves an authorization logic disclosure that can be…
WinDbg Vulnerability Allows Attackers to Execute Remote Code
Microsoft recently disclosed a critical vulnerability impacting its debugging tool, WinDbg, and associated .NET packages. Tracked CVE-2025-24043, this flaw allows remote code execution (RCE) due to improper cryptographic signature verification in the S…
Thinkware Dashcam Vulnerability Leaks Credentials to Attackers
A series of significant security vulnerabilities have been discovered in the Thinkware Dashcam, specifically the F800 Pro model, which could pose serious risks to users’ privacy and security. These issues include unauthorized access to sensitive …
New Apache Traffic Server Flaws Allow Malformed Request Exploits
The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software. These vulnerabilities allow malicious actors to exploit malformed requests and access control list (ACL) issues, posing serious security risks t…
Commvault Webserver Flaw Allows Attackers to Gain Full Control
Commvault has revealed a major vulnerability in its software that could allow malicious actors to gain full control of its webservers. The issue, identified as CV_2025_03_1, has been categorized as a high-severity flaw and impacts multiple versions of …
Over 43 Million Python Installations Vulnerable to Dangerous Code Execution Flaw
A significant vulnerability has been uncovered in the Python JSON Logger package (python-json-logger), affecting versions 3.2.0 and 3.2.1. This flaw, CVE-2025-27607 allows for remote code execution (RCE) due to misusing a missing dependency known as ms…
Threat Actors Exploit PHP-CGI RCE Vulnerability to Attack Windows Machines
A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code execution (RCE) vulnerability in PHP-CGI on Windows systems. This vulnerability, identified as CVE-2024-4577, allows attackers to execute arbitrary …
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
A recent security analysis of Draytek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical security controls. These findings, disclosed by researchers at DEFCON 32 …