Home | CIP Blog

HomeCriminal IP2025-10-14T12:08:14+09:00

Main Featured

Urgent: 3,894 SonicWall SSL VPNs Vulnerable to OVERSTEP and MFA Bypass

Multiple hacking groups have been repeatedly using SonicWall SSL VPN devices as an intrusion vector, and the security community continues to report cases where accounts protected by OTP-based multi-factor authentication (MFA) were nonetheless logged into successfully — raising growing concern about potential authentication bypasses.

All the latest news

CVE-2026-20245: Cisco Catalyst SD-WAN Manager Root Privilege Escalation Vulnerability

Criminal IP2026-06-16T15:24:49+09:00June 17th, 2026|

CVE-2026-23479 Redis RCE Vulnerability: A Two-Year Use-After-Free Flaw Discovered by AI

Criminal IP2026-06-15T15:46:54+09:00June 15th, 2026|

CVE-2026-44825: Analysis of Apache Solr Default Credential Vulnerability

Criminal IP2026-06-11T12:56:57+09:00June 11th, 2026|

Samba CVSS 10.0 Vulnerability Analysis: Why Externally Accessible SMB Services are Dangerous

Criminal IP2026-06-08T15:11:22+09:00June 8th, 2026|

The Rise of AI-Generated Phishing Sites: Analyzing Phishing Infrastructure with Criminal IP

Criminal IP2026-06-08T15:12:23+09:00June 1st, 2026|

SonicWall SSL-VPN MFA Bypass Vulnerability: The Attack Surface Between “Patched” and “Protected”

Criminal IP2026-05-27T15:04:41+09:00May 27th, 2026|

CVE-2026-41940: Analysis of the cPanel Authentication Bypass Vulnerability

Criminal IP2026-05-22T10:54:09+09:00May 21st, 2026|

CVE-2026-6644 Analysis: Command Injection Vulnerability in ASUSTOR ADM PPTP VPN Client

Criminal IP2026-05-15T09:40:46+09:00May 15th, 2026|

CVE-2026-3854: GitHub RCE Vulnerability Triggered by a Single git push

Criminal IP2026-05-13T10:43:13+09:00May 13th, 2026|

CVE-2026-42208: LiteLLM SQL Injection Vulnerability Targeting AI Gateways

Criminal IP2026-05-11T16:41:52+09:00May 11th, 2026|

Persistent Threats Beyond Patching: Analysis of the FIRESTARTER Backdoor Targeting Cisco ASA

Criminal IP2026-05-04T16:10:20+09:00May 4th, 2026|

nginx-ui MCPwn (CVE-2026-33032) Analysis: Nginx Server Compromise via Missing MCP Authentication

Criminal IP2026-04-27T10:30:28+09:00April 27th, 2026|