Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely. The vulnerability, ...

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...

The Salt Project has issued a secondary fix for a command injection vulnerability after the first attempt to patch the issue partially failed. The vulnerability, tracked as CVE-2020-28243, impacts ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the ...

The vulnerability, tracked as CVE-2024-12856, affects F3x24 and F3x36 router models. It allows remote command execution through the router's default credentials, potentially compromising thousands of ...

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which ...

Cisco is warning of a critical security vulnerability found in its Unified industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) access points that could allow an ...

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning one of the most familiar programs on any PC into a potential entry point ...

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting ...