PT-2026-24471

Name of the Vulnerable Software and Affected Versions nerves-hub nerves hub web versions 1.0.0 through 2.3.9 Description An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

The CVE-2025-59374 entry describes a supply-chain compromise in ASUS Live Update, where unauthorized modifications were distributed in several historical builds. Affected versions include ASUS Live Update prior to 3.6.8 and versions 3.6.8–3.6.15, with End-of-Support reached in October 2021. The v...

EUVD-2025-203872

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

VulnCheck KEV: CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...

PT-2025-51813

Name of the Vulnerable Software and Affected Versions ASUS Live Update versions prior to 3.6.8 ASUS Live Update versions 3.6.8 through 3.6.15 ASUS Live Update versions prior to October 2021 Description Certain versions of the ASUS Live Update client were distributed with unauthorized modification...

2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign...

Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited. Zero-day vulnerabilities are discovered by attackers before the software company itself - meaning the vendor has zero days to fix them. Both the two...

CVE-2024-21773

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings...

KryptoCibule malware uses Tor & Torrent sites to steal your cryptocurrency

By Sudais Asif The KryptoCibule malware also mines cryptocurrency on targeted devices. This is a post from HackRead.com Read the original post: KryptoCibule malware uses Tor & Torrent sites to steal your cryptocurrency...

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was...

Airties AIR5342 1.0.0.18 - Cross-Site Scripting

Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442,...