13 matches found
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia, dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity...
CVE-2026-32294 JetKVM insufficient firmware verification
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...
PT-2026-7172
Name of the Vulnerable Software and Affected Versions: SumatraPDF versions 3.5.0 through 3.5.2 Description: SumatraPDF's update process has a flaw where TLS hostname verification is disabled (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and installers are executed without signature verification. This allows...
CVE-2025-34324
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...
CVE-2025-34324 · GoSign Desktop · EUVD-2025-198033
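The JetKVM and GoSign Desktop entries above describe the same weakness: the client checks a SHA-256 hash that arrives over the same channel as the package, so whoever controls that channel can rewrite both. The following Go program is an added illustration, not code from either project, of why that check is hollow and how a signed manifest with a client-pinned vendor key closes the gap. The manifest layout, the Ed25519 scheme, the update URL and the package bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a constructed stand-in for an update manifest: a package URL
// plus the SHA-256 of the package bytes, as in the advisories above.
type Manifest struct {
	URL    string `json:"url"`
	SHA256 string `json:"sha256"`
}

// SignedManifest carries the manifest bytes and a detached Ed25519 signature
// made with the vendor's offline key (hypothetical scheme, not any product's).
type SignedManifest struct {
	Manifest  []byte
	Signature []byte
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// publishUpdate is the vendor side: hash the package, write the manifest, sign it.
func publishUpdate(priv ed25519.PrivateKey, url string, pkg []byte) (SignedManifest, error) {
	m, err := json.Marshal(Manifest{URL: url, SHA256: sha256Hex(pkg)})
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: m, Signature: ed25519.Sign(priv, m)}, nil
}

// verifyHashOnly mirrors the weak pattern: the client trusts whatever hash
// arrived beside the package, so a consistent (package, hash) pair always passes.
func verifyHashOnly(sm SignedManifest, pkg []byte) error {
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return err
	}
	if m.SHA256 != sha256Hex(pkg) {
		return errors.New("package hash does not match manifest")
	}
	return nil
}

// verifySigned first authenticates the manifest against a public key pinned in
// the client, and only then compares the package to the now-trustworthy hash.
func verifySigned(pinned ed25519.PublicKey, sm SignedManifest, pkg []byte) error {
	if !ed25519.Verify(pinned, sm.Manifest, sm.Signature) {
		return errors.New("manifest signature invalid")
	}
	return verifyHashOnly(sm, pkg)
}

// tamper simulates an attacker-in-the-middle or compromised update server that
// swaps the package and rewrites the manifest hash to match; the old signature
// is passed through unchanged because the attacker has no vendor key.
func tamper(sm SignedManifest, evil []byte) (SignedManifest, []byte) {
	var m Manifest
	_ = json.Unmarshal(sm.Manifest, &m)
	m.SHA256 = sha256Hex(evil)
	forged, _ := json.Marshal(m)
	return SignedManifest{Manifest: forged, Signature: sm.Signature}, evil
}

// Scenario runs the exchange end to end and returns whether the hash-only
// verifier and the signed-manifest verifier, respectively, accept the tampered download.
func Scenario() (hashOnlyAccepts bool, signedAccepts bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	genuine := []byte("constructed genuine installer bytes")
	sm, err := publishUpdate(priv, "https://updates.example.invalid/app.pkg", genuine)
	if err != nil {
		return false, false, err
	}
	if verifySigned(pub, sm, genuine) != nil {
		return false, false, errors.New("genuine update unexpectedly rejected")
	}
	forged, evil := tamper(sm, []byte("constructed malicious installer bytes"))
	return verifyHashOnly(forged, evil) == nil, verifySigned(pub, forged, evil) == nil, nil
}

func main() {
	h, s, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("hash-only verifier accepts tampered update:       %v\n", h)
	fmt.Printf("signed-manifest verifier accepts tampered update: %v\n", s)
}
```

The hash-only verifier accepts the forged package because the attacker controls both halves of the check; the signed verifier rejects it because the rewritten manifest no longer matches the vendor's signature. The same reasoning applies to the firmware and installer cases elsewhere on this page: a hash is only as trustworthy as the channel it came through unless something the attacker cannot forge binds it to the vendor.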
CVE-2025-12943
CVE-2025-12943 involves NETGEAR RAX30 and RAXE300 devices, where improper certificate validation in the firmware update logic lets an attacker who can intercept and modify traffic potentially execute arbitrary commands on the device. Affected products: NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400...
Here's How SolarWinds Hackers Stayed Undetected for Long Enough
Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer picture" of one of the most sophisticated...
Xorux Lpar2RRD and Stor2RRD Operating System Command Injection Vulnerability
Bash is a shell and command-language interpreter written by American software developer Brian J. Fox for the GNU Project; it runs on Unix-like operating systems and can read and execute commands from standard input or from files. An operating system command injection vulnerability exists in Xor...
A vulnerability in the enterprise resource management system "Galaktika ERP" allows an attacker to execute arbitrary code.
The vulnerability in the "Update Manager" component of the enterprise resource management system Galaktika ERP stems from the lack of protection for transmitted data. Exploiting it allows a remote attacker who has access to the update server to execute...
PT-2019-12954 · Hunesion · Hunesion i-oneNet
Name of the Vulnerable Software and Affected Versions: Hunesion i-oneNet versions 3.0.7 through 3.0.53 Hunesion i-oneNet versions 4.0.4 through 4.0.16 Description: The issue arises from the lack of update file integrity checking in the upgrade process, allowing an attacker to craft a malicious fi...
A vulnerability in the firmware update mechanism of Supermicro BMC controllers allows an attacker to execute arbitrary code.
The vulnerability in the firmware of Supermicro BMC controllers stems from insufficient verification of input data. Exploiting it allows a remote attacker to execute arbitrary code by replacing the uploaded update...
Infotecs ViPNet Client and Coordinator Privilege Access Control Vulnerability
Infotecs ViPNet Client and Coordinator are both products of Infotecs, a German company. Infotecs ViPNet Client is the client side of a software-based VPN solution; Coordinator is the server side. A security vulnerability exists in Infotecs ViPNet Client and Coordinator that stems from incorrect...