TP-Link has acknowledged a zero-day vulnerability affecting multiple router models, which allows for remote code execution due to a stack-based buffer overflow in its CWMP implementation. While a patch is available for European models, users are advised to change default passwords and disable CWMP if not needed until more fixes are released. Additionally, CISA has warned about previously exploited vulnerabilities in TP-Link routers that have been used by threat actors for malicious activities.

A critical vulnerability in file transfer protocols has been exploited, leading the Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert. The flaw allows unauthorized access and potential data breaches, prompting organizations to update their systems and mitigate risks immediately.

CISA has released an analysis detailing malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically an authentication bypass and a code injection issue. The vulnerabilities, already being exploited by a China-nexus espionage group, allow for arbitrary code execution and data exfiltration. CISA recommends immediate patching of affected systems and treating mobile device management solutions as high-value assets.

Hundreds of LG Innotek LNV5110R security cameras are exposed to a serious authentication bypass vulnerability that allows for unauthenticated remote code execution. Despite the discovery of the flaw, LG has stated that no patch will be provided as the product has reached its end of life.

A critical remote code execution vulnerability (CVE-2025-3248) in Langflow has been actively exploited, allowing attackers to gain full control of vulnerable servers via an unprotected API endpoint. Organizations are urged to upgrade to version 1.3.0 or later to mitigate risks, as CISA warns of the high likelihood of exploitation and the potential existence of over 500 exposed instances. Those unable to upgrade should restrict access to Langflow services immediately.

A critical vulnerability in the widely used Sudo program has been identified, allowing attackers to gain unauthorized root access on affected systems. The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to apply the necessary patches to mitigate potential exploitation of this flaw. Organizations are advised to prioritize updates to prevent security breaches.

CISA has issued a warning about a high-severity arbitrary code execution vulnerability in the Git version control system, tracked as CVE-2025-48384, which is being actively exploited by hackers. Federal agencies must apply patches by September 15th or take alternative security measures. Additionally, two Citrix Session Recording vulnerabilities have also been added to the Known Exploited Vulnerabilities catalog, with the same deadline for remediation.

A vulnerability has been identified in the End-of-Train and Head-of-Train remote linking protocol, affecting multiple devices from manufacturers like Wabtec and Siemens. The weakness allows potential exploitation through weak authentication, posing risks to transportation systems. CISA recommends mitigations and encourages users to contact device manufacturers for further guidance.