Cyber Security Headlines TP-Link urges updates, MuddyWater espionage campaign, flaw hits Adobe Commerce
16 snips
Oct 23, 2025 TP-Link highlights critical vulnerabilities in their Omada gateways, urging users to update. The espionage campaign by MuddyWater targets various organizations using sophisticated tools. Adobe Commerce faces threats due to the SessionReaper flaw, enabling account takeovers. Meanwhile, Canada penalizes Cryptomus for crypto violations, and Meta introduces new anti-scam features on their platforms. Researchers rake in nearly $793k at Pwn2Own after unveiling multiple zero-day exploits, showcasing the ongoing battles in cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Patch Omada Gateways Now
- Update TP-Link Omada gateway firmware immediately to fix critical command-injection and root-access vulnerabilities.
- Change weak passwords and restrict management interface access to trusted networks.
Blended Tools Increase Espionage Stealth
- MuddyWater combined compromised commercial services with custom malware to run a global espionage campaign against over 100 organizations.
- Using legitimate RMM tools and credential stealers increased stealth and persistence.
Mitigate Session Reaper Attacks
- Apply Adobe Commerce emergency patches immediately to stop Session Reaper account-hijacking exploits.
- Monitor for PHP web shell probes and prioritize unpatched stores (62% still vulnerable).