Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

White Label 46ce2ac8 17. d link router

A critical vulnerability in legacy D-Link DSL routers, identified as CVE-2026-0625, is now under active exploitation in the wild. This D-Link router exploit allows unauthenticated remote attackers to execute arbitrary code, leading to a complete breach of the device. With a high CVSS score of 9.3 and impacting End-of-Life (EoL) models, understanding this attack is crucial for both security professionals and anyone managing home or small office networks. This guide provides a deep technical analysis, maps the threat to the MITRE ATT&CK framework, and offers actionable defense strategies.

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

White Label 28b0515d 16. malicious chrome

In the ever-evolving landscape of cyber threats, a new wave of attacks is targeting cryptocurrency users through a trusted vector: the browser extension. Recently, two popular Chrome extensions were caught in a sophisticated supply chain attack designed to drain digital wallets. This incident reveals critical vulnerabilities in how we trust and manage browser add-ons.

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

White Label db750539 15. iot firmware vulnerability

In the interconnected world of the Internet of Things (IoT), a single vulnerability can serve as a master key for attackers seeking to infiltrate networks. The recent discovery of an unpatched firmware vulnerability (CVE-2025-65606) in the TOTOLINK EX200 wireless range extender serves as a stark case study. This critical flaw demonstrates how an error in a device’s fundamental code can be weaponized to achieve complete remote device takeover, turning a benign network helper into a potent attack vector.

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

White Label 8ed812ab 14. hotel booking phishing scam

In the ever-evolving landscape of cyber threats, a new, highly targeted phishing campaign has emerged, masquerading as legitimate hotel booking confirmations. This attack doesn’t just try to steal your login credentials, it’s a multi-stage breach designed to drain your wallet and compromise your identity. For cybersecurity beginners and professionals alike, understanding the mechanics of this hotel booking phishing scam is crucial for building effective defenses.

What is Identity Dark Matter?

White Label dd6ed06f 13. identity dark matter decoded

In the vast digital universe of your organization, a silent, invisible threat is expanding, Identity Dark Matter. Much like the cosmological dark matter that makes up most of the universe’s mass yet remains undetectable by telescopes, this cybersecurity phenomenon refers to the sprawling collection of unmanaged, unmonitored, and often forgotten digital identities. These include dormant service accounts, orphaned credentials, stale user profiles, and undocumented API keys that exist outside the purview of your Identity and Access Management (IAM) systems.

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

White Label a8a6e09a 12. the hidden threat of malicious vs code

Your Visual Studio Code editor, the very tool you use to build secure applications, has become a prime target for sophisticated cyber attacks. A critical vulnerability in the VS Code extension security ecosystem allows malicious actors to distribute weaponized extensions through forked repositories, bypassing conventional security checks. This isn’t just theoretical, thousands of developers have already been exposed to this supply chain attack vector.

The core issue lies in how VS Code’s extension recommendation system can sometimes suggest forked versions of popular extensions. These forked extensions appear legitimate but contain hidden malware designed to steal credentials, exfiltrate source code, or establish persistent backdoors in development environments. Understanding this threat is crucial for every developer, from beginners to seasoned professionals, because your code editor has become the new attack surface.

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

White Label 27efe1a0 11. critical n8n vulnerability

In the world of workflow automation, a critical security flaw can transform a productivity engine into a gateway for attackers. The recent discovery of CVE-2025-68668, a n8n vulnerability with a staggering CVSS score of 9.9, serves as a stark reminder of this reality. This flaw, affecting versions 1.0.0 through 1.x, allows any authenticated user with workflow edit permissions to escape the Python sandbox and execute arbitrary system commands on the host server.

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

White Label d4eea69d 10. critical adonisjs bodyparser flaw

A critical security flaw designated as CVE-2025-2009 (CVSS Score: 9.8) has been discovered in the BodyParser middleware of the AdonisJS Node.js framework. This vulnerability allows attackers to perform prototype pollution through specially crafted HTTP requests, which can be chained to achieve Remote Code Execution (RCE) on vulnerable servers. This comprehensive guide breaks down the technical exploit mechanics and provides actionable defense strategies.

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

White Label a132096f 09. viber messenger malware attack

In January 2026, cybersecurity researchers uncovered a sophisticated attack campaign where the Russia-aligned threat actor UAC-0184 (Hive0156) successfully breached Ukrainian military and government systems. Their primary weapon wasn’t a novel malware strain, but the clever abuse of a trusted communication platform: Viber. This Viber messaging attack represents a significant shift in cyber-espionage tactics, moving beyond email to exploit the inherent trust in personal and professional messaging apps.