Alerts

Critical RCE Vulnerability in Legacy D-Link DSL Routers Under Active Exploitation

Background A critical security vulnerability has been identified in legacy D-Link DSL gateway routers, tracked as CVE-2026-0625 with a CVSS score of 9.3. The vulnerability stems from improper sanitization of user-supplied input in the dnscfg.cgi endpoint, enabling unauthenticated command injection and remote code execution. Active exploitation of this flaw has been observed in the wild, […]

SonicWall reveals two security flaws impacting its SMA100 Secure Appliances

EXPLOIT These flaws were being exploited by use of the following CVEs: CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a ‘nobody’ user, potentially leading to OS Command Injection Vulnerability; CVE-2024-38475 (CVSS score: 9.8)

Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

BACKGROUND Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. RECOMMENDATION To mitigate the risk posed by such attacks, clients are advised to apply a Conditional Access policy to all Microsoft 365, Dynamics

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

BACKGROUND Researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging functionality that can report back to a

WooCommerce admins targeted by fake security patches that hijack sites

BACKGROUND Once installed and activated, it provides threat actors administrator access to the dashboard and makes use of the REST API to facilitate remote code execution by injecting malicious PHP code into the site theme’s header file or clearing the caches of popular caching plugins. A new iteration of the malware includes notable changes to

Cisco’s Decade-Old ASA WebVPN Vulnerability being Exploited by Attacker

The Malawi Computer Emergency Response Team warns Cisco customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)

Malware Locks Browser in Kiosk Mode to Steal Google Credentials

Malawi CERT advises users of Google services about malware that uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

Malawi CERT warns that a zero-day security flaw in Telegram’s mobile app for Android, called EvilVideo, made it possible for attackers to send malicious files disguised as harmless-looking videos. “Attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files,” a security researcher said in a report. It’s

New ‘Cuckoo’ Persistent macOS Spyware Targeting Intel and Arm Macs

Malawi CERT warns about a new information stealer targeting Apple macOS systems that’s designed to set up persistence on the infected hosts and act as spyware. Hackers are using a new Mac malware to launch attacks against both newer Macs running Apple Silicon as well as older Intel-based Macs. Cuckoo, like the MacStealer macOS

Beware of “I can’t believe he is gone” Facebook phishing posts

The Malawi Computer Emergency Response Team (Malawi CERT) warns about a widespread Facebook phishing campaign in which posts stating, “I can’t believe he is gone. I’m gonna miss him so much,” lead unsuspecting users to a website that steals their Facebook credentials. The Facebook phishing posts come in two forms, with one simply stating, “I can’t believe he is

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

The Malawi Computer Emergency Response Team (Malawi CERT) warns about pirated applications targeting Apple macOS users that contain a backdoor capable of granting attackers remote control of infected machines. “These applications are being hosted on Chinese pirating websites in order to gain victims,” a Threat Labs researcher said. Once detonated, the malware will download and execute

Vulnerability in Chrome Browser

The Malawi Computer Emergency Response Team (Malawi CERT) warns of an actively exploited vulnerability in the Chrome web browser, tracked as CVE-2023-2033. This vulnerability poses a high-severity risk and has been described as a type confusion issue in the V8 JavaScript engine. The vulnerability could potentially allow cybercriminals to access your vulnerable system. To address

Vulnerable HP LaserJet Printers

The Malawi Computer Emergency Response Team (Malawi CERT) warns of a vulnerability reported by HP concerning certain LaserJet printer models. The vulnerability, identified as CVE-2023-1707 and assigned a critical severity score of 9.1, could result in the disclosure of sensitive information. It affects specific HP Enterprise LaserJet and HP LaserJet Managed Printers that have IPsec

Beware of Malicious Browser Extensions

The Malawi Computer Emergency Response Team (Malawi CERT) cautions against a concerning cybersecurity trend where malicious browser add-on extensions are being used to steal personal data from unsuspecting users. A recent example is the fake ChatGPT-branded Chrome browser extension, identified as a tool used by cybercriminals to hijack Facebook accounts and compromise users’ personal information.

Trojanized PyPI Packages Mimicking Popular Libraries

The Malawi Computer Emergency Response Team (Malawi CERT) is urging people to exercise caution when using Python libraries, especially those available on the PyPI repository. The warning follows the discovery by ReversingLabs of 41 malicious Python packages that are posing as legitimate modules on PyPI. The Malawi CERT is advising users to verify package integrity
