Alerts

Background A critical security vulnerability has been identified in legacy D-Link DSL gateway routers, tracked as CVE-2026-0625 with a CVSS score of 9.3. The vulnerability stems from improper sanitization of user-supplied input in the dnscfg.cgi endpoint, enabling unauthenticated command injection and remote code execution. Active exploitation of this flaw has been observed in the wild, […]

EXPLOIT This flaws were being exploited by use of the following CVEs CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability CVE-2024-38475 (CVSS score: 9.8)

BACKGROUND Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. RECOMMENDATION To mitigate the risk posed by such attacks, clients are advised to apply a Conditional Access policy to all Microsoft 365, Dynamics

BACKGROUND Researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging functionality that can report back to a

BACKGROUND Once installed and activated, it provides threat actors administrator access to the dashboard and makes use of the REST API to facilitate remote code execution by injecting malicious PHP code into the site theme’s header file or clearing the caches of popular caching plugins. A new iteration of the malware includes notable changes to

The Malawi Computer Emergency Response Team warns cisco customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)

Malawi CERT advices google services users about a malware that is using the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close

Malawi CERT warns of a zero-day security flaw in Telegram’s mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. Attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files,” a security researcher said in a report. It’s

Malawi CERT warns about a new information stealer targeting Apple macOS systems that’s designed to set up persistence on the infected hosts and act as a spyware. Hackers are using a new Mac malware to launch attacks against both newer Macs running Apple Silicon as well as older Intel-based Macs. Cuckoo, like the MacStealer macOS

Domain slamming is a scam in which the offending domain name registrar attempts to trick domain owners into switching from their existing registrar to theirs, under the pretense that the customer is simply renewing their subscription to their current registrar. Malawi CERT warns about seemingly urgent emails from a ‘Domain Registry in China’, claiming that