
1284 matches found

hivepro
added 2025/11/19 6:23 p.m. | 6 views

SafePay Ransomware: TTPs and Defense Strategies

When a threat actor disables your security software and starts deleting your backups, you’re already in the middle of a crisis. The operators behind SafePay ransomware are known for these exact tactics, deliberately sabotaging your ability to respond and recover. Catching an attack like this earl...

7.1 AI score
Exploits 0
Vulnrichment
added 2025/11/19 4:22 p.m. | 0 views

CVE-2025-34331 AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

8.7 CVSS | 6.1 AI score | 0.00445 EPSS
Exploits 2 | References 4
CVE
added 2025/11/19 4:22 p.m. | 8 views

CVE-2025-34331

CVE-2025-34331 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The issue is an unauthenticated file read via the download.php endpoint, which lacks access control and lets remote, unauthenticated users request files based on attacker-supplied path/filename. T...

8.7 CVSS | 6.1 AI score | 0.00445 EPSS
Exploits 2 | References 4 | Affected Software 2
RedhatCVE
added 2025/11/17 6:4 a.m. | 10 views

CVE-2016-15056

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7 CVSS | 6.5 AI score | 0.00567 EPSS
Exploits 0 | References 1
NVD
added 2025/11/14 11:15 p.m. | 5 views

CVE-2016-15056

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7 CVSS | 0.00567 EPSS
Exploits 0 | References 5
EUVD
added 2025/11/14 10:52 p.m. | 3 views

EUVD-2021-34718

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

8.7 CVSS | 6.4 AI score | 0.00591 EPSS
Exploits 0 | References 5
Vulnrichment
added 2025/11/14 10:52 p.m. | 4 views

CVE-2021-4468 PLANEX CS-QP50F-ING2 Smart Camera Remote Configuration Disclosure

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The backup contains sensitive configuration information,...

8.7 CVSS | 6.5 AI score | 0.00591 EPSS
Exploits 0 | References 4
EUVD
added 2025/11/14 10:49 p.m. | 3 views

EUVD-2016-10800

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7 CVSS | 6.1 AI score | 0.00567 EPSS
Exploits 0 | References 6
Cvelist
added 2025/11/14 10:49 p.m. | 9 views

CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7 CVSS | 0.00567 EPSS
Exploits 0 | References 5
Vulnrichment
added 2025/11/14 10:49 p.m. | 5 views

CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...

8.7 CVSS | 6.2 AI score | 0.00567 EPSS
Exploits 0 | References 5
Positive Technologies
added 2025/11/14 12:0 a.m. | 5 views

PT-2025-47014

Name of the Vulnerable Software and Affected Versions: Ubee EVW3226 versions up to and including 1.0.20. Description: The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...

8.7 CVSS | 6.3 AI score | 0.00567 EPSS
Exploits 0 | References 7
Positive Technologies
added 2025/11/14 12:0 a.m. | 4 views

PT-2025-47019

Name of the Vulnerable Software and Affected Versions: PLANEX CS-QP50F-ING2 smart cameras, affected versions not specified. Description: The PLANEX CS-QP50F-ING2 smart cameras have a configuration backup interface accessible over HTTP without authentication. An unauthenticated remote attacker can...

8.7 CVSS | 6.6 AI score | 0.00591 EPSS
Exploits 0 | References 7
Vulnrichment
added 2025/11/13 1:0 p.m. | 2 views

CVE-2025-12763 Command injection vulnerability allowing arbitrary command execution on Windows

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

6.8 CVSS | 7.7 AI score | 0.00737 EPSS
Exploits 0 | References 1
VulnCheck KEV
added 2025/11/10 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2025-53118

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM...

9.8 CVSS | 5.8 AI score | 0.29365 EPSS
In wild | Exploits 0 | References 75
Positive Technologies
added 2025/11/08 12:0 a.m. | 4 views

PT-2025-46142

Name of the Vulnerable Software and Affected Versions: QNAP HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938. Description: A flaw exists in QNAP HBS 3 Hybrid Backup Sync related to incorrect path restriction for an access-limited directory. Successful exploitation by a remote attacker could lea...

7.8 CVSS | 7.3 AI score | 0.00203 EPSS
Exploits 0 | References 11
RedhatCVE
added 2025/11/06 6:13 a.m. | 13 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

8.8 CVSS | 6.8 AI score | 0.00197 EPSS
Exploits 0 | References 1
NVD
added 2025/11/05 6:15 a.m. | 4 views

CVE-2025-21078

Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications...

8.8 CVSS | 0.00197 EPSS
Exploits 0 | References 1
CVE
added 2025/11/05 5:41 a.m. | 15 views

CVE-2025-21078

CVE-2025-21078 affects Samsung Smart Switch prior to version 3.7.68.6. The root cause is the use of an insufficiently random value for the secretKey, which could allow adjacent attackers to access application backups. Public sources in the connected documents consistently describe this impact and...

8.8 CVSS | 6.4 AI score | 0.00197 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2025/11/05 12:0 a.m. | 2 views

EUVD-2025-37899

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands...

9.9 CVSS | 7.8 AI score | 0.00525 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/11/05 12:0 a.m. | 5 views

PT-2025-45078

Name of the Vulnerable Software and Affected Versions: Smart Switch versions prior to 3.7.68.6. Description: The use of an insufficiently random value for the secretKey in Smart Switch allows nearby attackers to gain access to backup data from applications. Recommendations: Update to version 3.7.68.6...

8.8 CVSS | 6.8 AI score | 0.00197 EPSS
Exploits 0 | References 5