CVE-2025-63215
The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...
EUVD-2025-30995
Malicious code in bioql PyPI...
CVE-2025-27033
Information disclosure while running video usecase having rogue firmware...
CVE-2025-27033 Buffer Over-read in Video
Information disclosure while running video usecase having rogue firmware...
CVE-2025-27033
CVE-2025-27033 is described as an information-disclosure issue related to video processing on Qualcomm chipsets under rogue firmware. Connected sources (Pixel Watch bulletin) classify it under Qualcomm components with a moderate severity and identify Video as the affected subcomponent. The vulner...
PT-2025-39273
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: An information disclosure issue exists when running a video usecase with rogue firmware. The issue involves the disclosure of information during video processing when utilizing compromised firmware...
High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners
Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if successfully exploited, could allow attackers to execute arbitrary code on affected systems. Romanian cybersecurity firm Bitdefender, which discovered the flaw in...
Vulnerabilities fixed in Cisco IOS XR
Cisco has fixed vulnerabilities in IOS XR. An unauthenticated malicious party could exploit the vulnerabilities to cause a denial-of-service, or to bypass existing ACLs by sending specially prepared network traffic. Cisco has also fixed vulnerabilities that allow a local,...
Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI
In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this attack, according to security firm Binarly, private keys were leaked that are used to digitally sign firmware for motherboards. Also compromised were private keys used by Inte...
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream
D-Link has only partially patched critical flaws affecting its consumer WiFi camera, which allow hackers to intercept and view recorded video. They also allow attackers to manipulate the device’s firmware, according to security researchers. The camera in question is D-Link’s DCS-2132L cloud camer...
IoT: OFF by default
It’s increasingly difficult to buy home appliances and other tech that DOESN’T have connectivity. Despite reservations about the security of smart tech, if we want to buy mid to high end devices, we often have no choice but to buy appliances with connectivity. To quote @Mikko Hypponen: If it is...