Hackers are exploiting a serious vulnerability in older D-Link DSL routers, identified as CVE-2026-0625. This flaw allows attackers to execute commands remotely, potentially compromising users' devices and networks. The vulnerability has a high severity score of 9.3, which indicates that it poses a significant risk. Users of legacy D-Link DSL routers need to be aware of this issue as it could lead to unauthorized access and control over their internet-connected devices. As attackers actively exploit this flaw, it is crucial for affected users to take immediate action to protect their systems.
Articles tagged "Vulnerability"
A serious security vulnerability has been identified in legacy D-Link DSL gateway routers, specifically affecting the 'dnscfg.cgi' endpoint. This flaw, known as CVE-2026-0625, has a high severity score of 9.3 and allows unauthenticated remote attackers to execute commands through improper handling of user-provided DNS configuration inputs. Current reports indicate that this vulnerability is actively being exploited in the wild, putting users of these older routers at risk. It is crucial for individuals and organizations using these devices to be aware of the potential for unauthorized access and control. The situation underscores the need for users to assess their network security and consider upgrading their hardware to mitigate these risks.
CERT/CC has issued a warning about a serious vulnerability in the TOTOLINK EX200 Wi-Fi range extender, identified as CVE-2025-65606. This flaw allows a remote authenticated attacker to take complete control of the device, posing a significant risk to users. As this vulnerability remains unpatched, anyone using the TOTOLINK EX200 is advised to take immediate action to secure their networks. The potential for exploitation means that attackers could manipulate settings, access sensitive data, or use the device as a foothold into larger networks. Users need to be aware of this threat and consider alternative security measures while awaiting a fix.
Recent reports indicate that attackers are actively exploiting a command injection vulnerability in several D-Link DSL gateway routers. These devices, which are considered legacy products, have not received support for years, making them particularly vulnerable. Users of affected routers may face unauthorized access to their networks, potentially allowing attackers to execute malicious commands. The exploitation of this vulnerability highlights the risks associated with using unsupported hardware. D-Link has not specified any patches or updates, leaving users with few options other than to replace these outdated routers to protect their networks.
Infosecurity Magazine
A serious security vulnerability has been discovered in Open WebUI Direct Connections, which could allow attackers to take over user accounts and compromise servers. This flaw poses a significant risk to organizations using the platform, as it could lead to unauthorized access and data breaches. Users of Open WebUI should be especially cautious, as the vulnerability may be actively exploited. It’s crucial for those affected to stay informed about updates and patches from the developers. Companies relying on this software need to prioritize security measures to protect their systems and data from potential attacks.
SecurityWeek
A serious vulnerability in Dolby's software for Android devices has been identified, tracked as CVE-2025-54957. Discovered by Google researchers in October 2025, this flaw could potentially allow attackers to exploit the Dolby audio processing capabilities on affected devices. Users of Android devices utilizing Dolby technology should be particularly cautious, as the vulnerability poses risks to their audio functionality and overall device security. Immediate action is recommended to ensure that devices are updated to the latest software versions that include the necessary patches to fix this issue. This discovery emphasizes the need for regular updates and vigilance among users and security teams alike.
A serious vulnerability has been found in n8n, an open-source workflow automation platform, which could allow authenticated users to run arbitrary system commands on the server. This vulnerability, identified as CVE-2025-68668, has a high CVSS severity score of 9.9, indicating a significant risk. It stems from a failure in the protection mechanisms that should keep the system secure. Users of n8n should be particularly concerned as this issue could lead to unauthorized control over their systems. All versions prior to the patch that addresses this vulnerability are affected, making it crucial for users to update their installations promptly to prevent potential exploitation.
A serious security flaw known as 'MongoBleed' has been identified in MongoDB servers, allowing attackers who are not authenticated to access sensitive information like passwords and tokens. This vulnerability is currently being exploited in the wild, raising significant concerns for organizations using MongoDB. The issue stems from a memory leak that can be exploited by attackers to extract confidential data directly from the servers. Companies running affected versions of MongoDB should prioritize patching their systems to mitigate the risk of unauthorized data access. Given the potential for serious data breaches, immediate action is essential for any organization relying on MongoDB for data storage.
Infosecurity Magazine
A significant data breach involving Manage My Health has potentially compromised the sensitive information of over 120,000 patients in New Zealand. The breach raises serious concerns about the security measures in place to protect personal health data. Authorities have ordered a review to understand the extent of the breach and to prevent future incidents. This situation highlights the vulnerability of health information systems and the need for stronger protections to safeguard patient data. Patients affected by this incident may face risks related to identity theft and privacy violations, making it crucial for healthcare providers to enhance their cybersecurity practices.
Infosecurity Magazine
The European Space Agency (ESA) has confirmed that an external server breach occurred recently, although specific details about the nature of the security issue remain vague. The agency has stated that it is investigating the incident to understand the extent of the breach and what data might have been affected. This incident raises concerns about the security of sensitive information related to space missions and research, especially given the increasing reliance on digital infrastructure in the aerospace sector. The ESA's acknowledgment of the breach underscores the vulnerability of even highly specialized organizations to cyber threats. As investigations continue, stakeholders and the public will be watching closely for updates on the implications of this breach.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Hackers using the RondoDox botnet are exploiting a vulnerability in Next.js known as React2Shell to take control of over 90,000 unpatched devices. This includes a range of products such as routers, smart cameras, and small business websites. The attack is particularly concerning because it targets devices that often lack regular updates or security patches, making them easy targets for cybercriminals. Users of these devices should be vigilant and consider updating their systems to protect against this growing threat. The number of devices affected raises alarms about the potential for widespread disruption if the flaw is left unaddressed.
Over 10,000 Fortinet firewalls are currently at risk due to a two-factor authentication (2FA) bypass vulnerability that has been known for five years. This vulnerability allows attackers to exploit systems that have not implemented proper security measures, potentially granting them unauthorized access to sensitive data and networks. The issue is particularly pressing because it affects devices that are publicly accessible on the internet, increasing the likelihood of exploitation. Organizations using these firewalls need to act quickly to secure their systems and protect against potential breaches. It's crucial for users to verify their configurations and apply any available updates to mitigate this serious risk.
The RondoDox botnet has been actively exploiting the React2Shell vulnerability to target Next.js servers since December. This vulnerability allows attackers to compromise systems that are not properly secured, potentially leading to unauthorized access and control. Organizations using Next.js should be particularly vigilant, as the botnet's operators are weaponizing this flaw to expand their reach. It’s crucial for companies to implement security measures to protect their servers from these types of attacks. As the situation develops, users need to stay informed about their server configurations and ensure they are updated against known vulnerabilities.
In April and May 2023, a Chinese advanced persistent threat (APT) group exploited a zero-day vulnerability in Ivanti's Endpoint Mobile Management (EPMM) platform, impacting thousands of organizations. This attack allowed unauthorized access and control over mobile devices managed through Ivanti's software, raising serious concerns about the security of sensitive data within those systems. The incident serves as a stark reminder of the vulnerabilities that can exist in widely used management tools. Security experts warn that similar attacks could occur again if organizations do not take proactive measures to secure their systems. Companies using Ivanti EPMM should assess their security posture and implement necessary updates to prevent future breaches.
The RondoDox botnet has been identified exploiting a serious vulnerability known as React2Shell (CVE-2025-55182) to compromise Next.js servers. This flaw allows attackers to inject malware and cryptominers into systems that have not been properly secured. Organizations using Next.js frameworks are particularly at risk, as the botnet targets these servers directly. This incident underscores the necessity for companies to regularly update their software and apply security patches to prevent such attacks. The ongoing exploitation of this vulnerability poses significant risks to data integrity and can lead to unauthorized resource usage, impacting both performance and costs for affected users.