CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTPPROXY and HTTPSPROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search...

EUVD-2025-93461

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...

Domain Name Security: Important Measures You Need to Know

Whether you are an individual, a large commercial business, or a small non-profit organization, the creation and protection of your online presence are essential. While many individuals and businesses use social media platforms to connect with followers, customers, or organization members, a doma...

Threat Source newsletter (Sept. 26)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. An attacker known as “Tortoiseshell” is using a phony, malicious website to deliver malware. The site specifically targets U.S. military...

Threat Source newsletter (Aug. 22)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. What’s old is new again. Our research this week centers around a series of long-lasting threat actors and malware that have been given n...

Tips on How to Fight Back Against DNS Spoofing Attacks

The Domain Name System DNS, known as the phone book for the internet, was recently retuned to improve performance as well as include new security provisions to protect against Distributed Denial of Service DDoS attacks. DNS Flag Day drew a line in the sand for noncompliant authoritative DNS serve...

Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack

In 2013, we have seen a significant increase in the use of a specific distributed denial of service DDoS methodology known as Distributed Reflection Denial of Service attacks DrDoS. Open and misconfigured DNS Domain Name System can be used by anyone to resolve domain names to IP addresses are...