Security News

ASUS warns of critical auth bypass flaw in routers using AiCloud
2025-04-18 16:05

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
2025-04-17 21:34

A critical vulnerability in Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. [...]

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
2025-04-17 10:32

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication...

CISA extends funding to ensure 'no lapse in critical CVE services'
2025-04-16 13:05

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. [...]

MITRE warns that funding for critical CVE program expires today
2025-04-16 06:16

MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which...

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
2025-04-15 13:44

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even...

Critical flaws fixed in Nagios Log Server
2025-04-15 10:41

The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws: The vulnerabilities,...

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
2025-04-15 04:39

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised...

Critical FortiSwitch flaw lets hackers change admin passwords remotely
2025-04-09 16:09

Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. [...]

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
2025-04-09 03:12

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file...