router
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. CVE-2025-29635 allows an attacker to execute arbitrary commands on remote devices by sending a POST request to a vulnerable endpoint, triggering remote command execution (RCE). Akamai’s SIRT, which detected the Mirai campaign in March […]
TP-Link warns users to patch critical router auth bypass flaw
TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and NX600 wireless routers and stems from a missing authentication weakness that attackers can exploit without privileges. “A missing […]
FCC bans new routers made outside the USA over security risks
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. The Covered List, created under the Secure and Trusted Communications Networks Act of 2019, is an FCC-maintained list of communications equipment and services that the U.S. government has […]
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe, along with private partners, have disrupted the SocksEscort cybercrime proxy network that relied solely on edge devices compromised via the AVRecon malware for Linux. According to Lumen’s Black Lotus Labs (BLL), which helped the U.S. Department of Justice take down Socksescort, the proxy network had a constant average of 20,000 […]
Critical Juniper Networks PTX flaw allows full router takeover
A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. PTX Series routers are high-performance core and peering routers built for high throughput, low latency, and scale. They are commonly used by internet service providers, telecommunication […]
Zyxel warns of critical RCE flaw affecting over a dozen routers
Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command execution on unpatched devices. Tracked as CVE-2025-13942, this command injection security flaw was found in the UPnP function of Zyxel 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber […]
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. The framework serves as a post-compromise framework for traffic monitoring and adversary-in-the-middle (AitM) activities. It is designed to intercept and manipulate traffic destined for endpoints (computers, mobile devices, IoTs) on the network. […]
Cloudflare misconfiguration behind recent BGP route leak
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. The BGP system helps route data across different networks called autonomous systems (AS) that send it to destination through smaller networks on the internet. The incident was […]
New D-Link flaw in legacy DSL routers actively exploited in attacks
Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. The vulnerability is now tracked as CVE-2026-0625 and affects the dnscfg.cgi endpoint due to improper input sanitization in a CGI library. An unauthenticated attacker could leverage this to execute remote commands via DNS configuration parameters. Vulnerability intelligence company […]
ASUS warns of new critical auth bypass flaw in AiCloud routers
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. AiCloud is a cloud-based remote access feature that comes with many ASUS routers, turning them into private cloud servers for remote media streaming and cloud storage. As the Taiwanese electronics manufacturer explained, the CVE-2025-59366 vulnerability “can […]