15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024
Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions
Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions
Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus