Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by submitting input that exceeds allocated buffer sizes, leading to memory corruption.
This classic CWE-120 buffer overflow enables remote unauthenticated code execution with high impact on confidentiality, integrity, and availability,...

India's government is considering a push in the telecom industry to mandate always-on satellite location tracking on smartphones from Apple, Google, and Samsung.
This would permanently activate Assisted GPS (A-GPS) technology, enabling precise surveillance without user opt-out.
Tech giants oppose it fiercely, citing massive...

Let's Encrypt, a leading nonprofit certificate authority (CA), plans to slash the validity of its TLS certificates from 90 days to 45 days by 2028.
This move aligns with industry-wide mandates from the CA/Browser Forum's Baseline Requirements, which govern publicly trusted CAs.
Shorter lifetimes...

GitLab released patch versions 18.6.1, 18.5.3, and 18.4.5 for Community Edition (CE) and Enterprise Edition (EE) to address critical security flaws.
These updates fix high-severity vulnerabilities, such as a race condition in CI/CD caching and multiple denial-of-service (DoS) issues that could disrupt services.
Administrators...

A serious flaw in Angular's HTTP Client exposes users' XSRF tokens to attacker-controlled sites, enabling CSRF attacks that bypass built-in protections.
Tracked as CVE-2025-66035 with a CVSS score of 7.5 (High severity), this issue affects the @angular/standard package.
It stems from the mishandling of...

HashiCorp has disclosed a security flaw in its Vault Terraform Provider that allows attackers to bypass valid credentials and log in to Vault via LDAP authentication.
Tracked as CVE-2025-13357 and bulletin HCSEC-2025-33, the issue stems from incorrect default settings and affects users managing Vault...