Security news aggregator

Latest coverage for Firmware

Stay updated on firmware security: Explore the latest threats, updates, and protection strategies for safeguarding critical system software.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Firmware is software stored in a device’s nonvolatile memory that initializes and controls hardware, often before an operating system or application runs. It may reside in computers, network equipment, phones, industrial controllers, storage devices, and embedded components. Firmware can be updated, so it is not necessarily permanent or read-only.

Firmware matters to security because vulnerabilities or unauthorized changes can affect a device beneath the operating system and may persist across software reinstallation. Important controls include authenticated, cryptographically signed updates; secure boot, which verifies code before execution; protection against unauthorized flashing and downgrade attacks; and a reliable recovery mechanism. Practitioners also need firmware inventories, vulnerability tracking, and a supported update process, since obscure components can remain unpatched or use insecure update mechanisms. During an investigation, verifying firmware integrity and the device’s boot chain can help distinguish an operating-system compromise from a deeper modification.

Volume over time

Weekly headline count for the current query.

Showing 5 most recent headlines Filtered view
Bank Info Security 1 week, 2 days ago

Hidden Backdoor Found in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

Bank Info Security 1 week, 2 days ago

Hidden Backdoor in Tenda Router Firmware

Unauthenticated Flaw Allows Full Router, Network TakeoverA hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attackers administrative access. Researchers are reporting exploitation and an Nmap script is making vulnerable devices easier to identify.

CERT/CC warns an unpatched backdoor in several Tenda routers lets attackers bypass login and gain full admin access with a hidden password. CERT/CC published an alert documenting an undocumented authentication backdoor in multiple Tenda firmware versions, tracked as CVE-2026-11405. The flaw gives anyone who knows the right password full administrative access to the device’s web […]

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday