Ubiquiti has released emergency security updates to fix multiple critical vulnerabilities affecting its UniFi product ecosystem, including UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. The flaws could allow attackers with network access to execute arbitrary commands, escalate privileges, perform SQL injection, exploit SSRF vulnerabilities, and make unauthorized changes to affected devices. Seven critical vulnerabilities, including the maximum severity have been addressed. Although there is currently no evidence of active exploitation, organizations are strongly advised to apply the latest patches immediately. These vulnerabilities exist due to improper access control, insufficient input validation, SQL injection weaknesses, and server-side request forgery flaws across various UniFi applications. If exploited, attackers with network access could gain elevated privileges, execute malicious commands, or compromise device integrity. The release follows recent warnings from cybersecurity agencies about previously patched UniFi vulnerabilities being actively exploited, highlighting the growing interest of threat actors in networking infrastructure and the importance of timely patch management. Organizations using Ubiquiti UniFi products should immediately update all affected applications and UniFi OS to the latest supported versions. Administrators should restrict management interface access to trusted networks, disable unnecessary remote access, continuously monitor logs for suspicious activities, and enforce strong authentication for administrative accounts. Maintaining a structured vulnerability management and patching process is essential to reduce the risk of compromise and protect critical network infrastructure from future attacks.
PromptSpy is a newly discovered Android spyware that introduces a significant change in the way mobile malware operates. Unlike traditional spyware that depends on pre-programmed i...
Microsoft has disclosed a critical remote code execution (RCE) vulnerability affecting the Chromium-based Microsoft Edge browser. The flaw, tracked as CVE-2026-45495, could allow a...
Japanese telecommunications provider KDDI has confirmed a large-scale data breach impacting more than 12 million customers after attackers compromised a shared email platform used ...