The issue was identified as CVE-2025-2492; its CVSS score is 9.2 (critical). The vulnerability can be exploited remotely using a specially crafted request and doesn’t require authentication.
“An improper authentication control vulnerability exists in certain ASUS router firmware series. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions,” – ASUS.
AiCloud is a cloud remote access feature embedded into many ASUS routers and turning them into private cloud servers. AiCloud allows users to access files stored on USB drives connected to the router, play media remotely, sync files between the home network and other cloud services, and share files with others.
The security hole discovered in AiCloud affects a wide range of models, and ASUS has already released patches for several firmware branches, including 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.
Users are strongly recommended to update the firmware to the latest version available for their router model as soon as possible. Users of end-of-life devices are advised to: (1) disable AiCloud; and (2) disable any services that can be accessed from the Internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management
Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.02.09 — Abandoned AWS S3 buckets could be used in attacks targeting supply chains
watchTowr discovered plenty of abandoned Amazon S3 buckets that could be used by attackers to deliver malware and backdoors to government agencies and large corporations. The researchers discovered…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →