Signal in the Noise
Exploring the signals behind tomorrow's threats.
QNAP Fixes Seven Zero-Day Vulnerabilities Affecting QTS, QuTS Hero, and Key Applications
Successful exploitation of these flaws could allow attackers to compromise NAS devices, potentially leading to unauthorized code execution, privilege escalation, data theft, or other malicious activity
QNAP NetBak PC Agent Affected by Critical ASP.NET Core Vulnerability (CVE-2025-55315)
QNAP has alerted users to a critical security vulnerability affecting its NetBak PC Agent, a Windows utility designed for backing up data to QNAP network-attached storage (NAS) devices. This flaw is linked to a security bypass vulnerability in the Microsoft ASP.NET Core framework, specifically within the Kestrel web server component. What Is the Vulnerability? CVE-2025-55315 […]
Critical WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Actively Exploited
Microsoft has released out-of-band security updates to address a critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287 (CVSS 9.8). This vulnerability is under active exploitation, and a public proof-of-concept exploit is already available. What Is the Vulnerability? CVE-2025-59287 is a remote code execution flaw in WSUS due to unsafe […]
Critical Command Injection Vulnerabilities Impact TP-Link Omada Gateway Devices
TP-Link has identified and addressed two critical command injection vulnerabilities affecting multiple Omada gateway models, which are widely used by small and medium-sized businesses for routing, firewall, and VPN solutions. Vulnerability Details 1. CVE-2025-6542 (Critical, CVSS 9.3) Description: This vulnerability allows a remote, unauthenticated attacker to execute arbitrary operating system commands on affected Omada gateways. Impact: Exploitation can […]
Critical Supply Chain Risk: Leaked Access Tokens in Visual Studio Code Extensions
Recent analysis has revealed that publishers of over 100 Visual Studio Code (VS Code) extensions have inadvertently leaked personal access tokens (PATs). These tokens, if compromised, can allow attackers to push unauthorized updates—including malware—directly to thousands of users, posing a serious software supply chain risk. What Is the Vulnerability and Why Does It Matter? VS […]
October 2025 Microsoft Patch Tuesday: 172 Vulnerabilities Fixed, Including Six Zero-Days
Microsoft’s October 2025 Patch Tuesday delivers security updates addressing 172 vulnerabilities across its product suite, including six zero-day vulnerabilities. Among these, eight flaws are rated “Critical”—five enabling remote code execution and three allowing elevation of privilege. Vulnerability Breakdown This month’s updates cover the following types of vulnerabilities: These counts represent only the updates released on […]
Critical Oracle E-Business Suite Zero-Day Vulnerability (CVE-2025-61882) Allows Unauthenticated RCE
A critical zero-day vulnerability, tracked as CVE-2025-61882, has been discovered in Oracle E-Business Suite. This flaw allows attackers to perform remote code execution without authentication, placing systems at severe risk. The vulnerability has a CVSS base score of 9.8, highlighting its high impact and ease of exploitation. What Is the Vulnerability? CVE-2025-61882 is located within […]
SonicWall Cloud Backup Breach: All Users Impacted – Credential Reset Required
A recent security breach has affected all customers who utilized the cloud backup service for storing firewall configuration files. Initially, it was reported that only certain backup files from MySonicWall accounts were exposed. However, it has now been confirmed that every customer using the cloud backup service is impacted by this incident. What Is the […]
