A new Mirai-based malware campaign is actively exploiting a remote code execution (RCE) vulnerability, CVE-2025-29635, in end-of-life D-Link routers. This high-severity flaw allows attackers to execute arbitrary commands on affected devices, potentially leading to a large-scale botnet formation. Security teams should ensure these routers are decommissioned or replaced to mitigate this threat.
Microsoft has issued out-of-band security updates to address a critical privilege escalation vulnerability in ASP.NET Core, identified as CVE-2026-40372. The flaw, which affects both macOS and Linux systems, allows attackers to gain elevated privileges through improper authentication handling. Organizations are urged to apply these patches immediately to protect their systems from potential exploitation.
France's national agency for managing IDs and passports has confirmed a data breach, with hackers claiming to have stolen 19 million records. The breach reportedly includes sensitive information from both individual and professional accounts. Security teams should be aware of potential phishing campaigns and identity theft attempts stemming from this incident.
STAY UPDATED
Daily security digest, straight to your inbox.