Researchers found a zero-day security flaw in a family of D-Link routers that enables attackers to hijack devices and execute commands with root privileges. SSD Secure Disclosure researchers released a Proof-of-Concept (PoC) exploit for a vulnerability stemming from the handling of HNAP login requests in D-Link DIR-X4860 routers. The vulnerability can be used in a chain to take over a device. This article continues to discuss the vulnerability in the HNAP login request protocol that affects a family of D-Link routers.

Since 2005, US educational institutions have had 3,713 data breaches, affecting about 37.6 million records. According to Comparitech, 2023 saw a record 954 breaches, up from 139 in 2022 and 783 in 2021. Over 800 institutions were affected by MOVEit file transfer software vulnerabilities, causing this surge. The number of compromised records in 2023 rose to nearly 4.3 million from 2.6 million in 2021 and 2022. Third-party breaches compromised 1.7 million records, and 65 ransomware attacks compromised 1.9 million.