Security News

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
2025-04-19 14:05

Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
2025-04-19 08:52

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The...

ASUS warns of critical auth bypass flaw in routers using AiCloud
2025-04-18 16:05

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
2025-04-17 21:34

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
2025-04-17 10:32

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication...

CISA extends funding to ensure 'no lapse in critical CVE services'
2025-04-16 13:05

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. [...]

MITRE warns that funding for critical CVE program expires today
2025-04-16 06:16

MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which...

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
2025-04-15 13:44

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even...

Critical flaws fixed in Nagios Log Server
2025-04-15 10:41

The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The vulnerabilities,...

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
2025-04-15 04:39

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised...