Endless Router Bugs (@router_bugs) 's Twitter Profile
@router_bugs

Expect better from your router.

Sponsored by Supernetworks (twitter.com/spr_networks)

ID: 1772409795255181312

http://www.supernetworks.org

25-03-2024 23:46:52

147 Tweet

93 Followers

114 Following

V4bel (@v4bel)

CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free. This is a 64-byte UAF write vuln I discovered for Pwn2Own. However, I couldn’t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it 😥 git.kernel.org/pub/scm/linux/…

Andy Greenberg (@agreenberg at the other places) (@a_greenberg)

Microsoft found Turla, Russia's elite FSB cyberespionage group, hacking foreign embassies' staff in Moscow by directly meddling with ISP traffic to infect targets with spyware that silently stripped away encryption on their communications and credentials. wired.com/story/russia-f…

Huntress (@huntresslabs)

Huntress is seeing multiple threat actors hit networks via SonicWall devices, even when MFA is enabled. Pivot straight to DC. Suspected ransomware (Akira). If you’re running SonicWall VPN, read this now:

Cybersecurity News Everyday (@tweetthreatnews)

CISA adds three D-Link router flaws to KEV due to active exploitation, including remote password disclosure and command injection from 2020-2022. Firmware fixes exist, but CVE-2020-40799 remains unpatched. #RouterSecurity #US #Vulnerabilities ift.tt/3FqgCfj

SSD Secure Disclosure (@securiteam_ssd)

Curious how a bug in Linux’s ipset subsystem could lead to full kernel compromise? In our new article, we revisit CVE-2024-53141 to break down the bug, explore the memory layout, and show how it can be turned into a powerful privilege escalation. Read it here:

Endless Router Bugs (@router_bugs)

WHY 2025 - From WAN to NAS: A Pwn2Own Journey youtube.com/watch?v=QkneE5… "The Dutch NCSC issued a warning last year that they see an increase of threat actors that shift their attention from endpoints to edge devices, including routers. ..."

Endless Router Bugs (@router_bugs)

"GRE is susceptible to IP spoofing attacks, which can compromise network security. By exploiting these vulnerabilities, attackers can access internal networks and obtain sensitive data without an initial foothold."

Endless Router Bugs (@router_bugs)

"more than 4 million vulnerable hosts which accept unauthenticated IP in IP (IPIP), Generic Routing Encapsulation (GRE), IPv4 in IPv6 (4in6), or IPv6 in IPv4 (6in4) traffic. These hosts can be abused as one-way proxi... or can permit access to an organization's private network"

Project Zero Bugs (@projectzerobugs)

Linux >=6.4: epoll: UAF via race between ep_eventpoll_release() and eventpoll_release_file() because mutex_unlock() is not ownership-drop-safe project-zero.issues.chromium.org/issues/4305416…

Robert Graham (@erratarob)

It's 2025. There is no excuse for any product to paste tokens into SQL statements like this, much less a security product. Fortinet, a cybersecurity company, has become famous over the last several years for its security flaws. An occasional flaw is forgivable, but this line of

Endless Router Bugs (@router_bugs)

CISA and the rest of the U.S. government have been pleading with the network industry to pave a secure path forward for many months now. This latest round of bugs is CRITICAL. They're joined by Palo Alto, Fortinet, Ivanti, and others with frequent game-over RCE vulns.

Endless Router Bugs (@router_bugs)

"in Littleton, MA: China found a weakness in a network firewall... once inside, China did not install malware [...], it stole login credentials, and masqueraded as a legitimate employee. they are gaining access to the system and laying dormant" - Hugh youtube.com/watch?v=43vxby…

Matt Johansen (@mattjay)

Attackers accessed source code + undisclosed vulns. More concerning: they obtained customer implementation configs and system designs that could enable downstream attacks.

Matt Johansen (@mattjay)

DOJ allowed delayed disclosure, suggesting national security implications. This exemption is rarely granted unless there's substantial risk to critical infrastructure. UK NCSC already warning about potential exploitation risks. CISA's emergency directive gives federal agencies

V4bel (@v4bel)

At this POC, we will present our work on CVE-2024-50264. This vsock vulnerability is the most impressive bug I’ve found :)

Endless Router Bugs (@router_bugs)

labs.watchtowr.com/yikes-watchgua… "As we eluded to above, we were wildly disappointed to see that almost all exploit mitigations are not in use - a sorry state of affairs for an appliance in 2025, let alone a security appliance."
