Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords. [...]
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords. [...]
Critical-Severity Flaws Expose Emerson Devices to CyberattacksMultiple critical vulnerabilities in Emerson Rosemount 370XA gas chromatographs could allow malicious actors to access sensitive data, cause denial-of-service conditions and execute arbitrary commands. Emerson recommends that end users update the firmware on the products.
The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user
While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate.
Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. [...]
A CISA analysis in collaboration with international partners concluded most critical open source projects potentially contain memory safety vulnerabilities
Researchers Say Manufacturer Proges Plus Hasn't Responded to Vulnerability FindingsVulnerabilities in internet-connected temperature monitoring devices - and an accompanying desktop application - mainly used in hospitals could be exploited by hackers to exfiltrate sensitive data or compromise temperature monitoring integrity, researchers warn.
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database
Activist Investors Are Rare in Cybersecurity, But Rapid7's Struggles Drew a Firm InJana Partners announced a "significant" stake in Boston-based Rapid7 Wednesday and plans to push the vulnerability management firm to sell itself. The activist investor is working with investment firm Cannae Holdings, and wants Cannae to team up with a private equity firm to buy Rapid7.
Progress Software: 'Newly Disclosed Third-Party Vulnerability Introduces New Risk'Hackers jumped on a new flaw in Progress Software's MOVEit managed file transfer application just hours after maker Progress Software publicly disclosed the critical flaw, which allowsattackers to bypass authentication. Customers of the Massachusetts company are no strangers to emergency patching.
The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. [...]
Two authentication bypass vulnerabilities affect Progress Software’s MOVEit Transfer SFTP service in a default configuration and MOVEit Gateway
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed
Exploit attempts for ‘devastating’ vulnerabilities already underway Thought last year's MOVEit hellscape was well and truly behind you? Unlucky, buster. We're back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway.…
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner
An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.