Flaws Archives - Online Tech

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

Admin22 hours ago03 mins mins

Ravie LakshmananJan 29, 2026Vulnerability / Software Security SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows – CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability…

Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Admin5 days ago023 mins mins

Ravie LakshmananJan 26, 2026Hacking News / Cybersecurity Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming…

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Admin1 week ago04 mins mins

Ravie LakshmananJan 21, 2026Vulnerability / Artificial Intelligence Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API…

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Admin3 weeks ago03 mins mins

Jan 08, 2026Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows – CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality…

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Admin2 months ago03 mins mins

Dec 15, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below –…

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Admin2 months ago05 mins mins

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and CVE-2025-59719…

AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Admin2 months ago017 mins mins

Nov 27, 2025Ravie LakshmananCybersecurity / Hacking News Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But…

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

Admin2 months ago03 mins mins

Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard’s STRIKE team. Southeast Asia and European…

Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws

Admin3 months ago03 mins mins

Nov 12, 2025Ravie LakshmananNetwork Security / Zero-Day Amazon’s threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware. “This discovery highlights the trend of threat actors focusing…

AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Admin3 months ago014 mins mins

Nov 06, 2025Ravie LakshmananCybersecurity / Hacking News Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global…

Chief Editor

Saroj Mhr

Flaws

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws

AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

AI & Future Tech

Gaming