Home » Tags

Security

OnePlus Phones Hit by SMS Security Flaw in OxygenOS

OnePlus Phones Hit by SMS Security Flaw in OxygenOS

OnePlus Phones Hit by SMS Security Flaw in OxygenOS (TheVerge) Security researchers at Rapid7 have uncovered a serious vulnerability in OnePlus phones running OxygenOS, tracked as CVE-2025-10184. The flaw, if exploited, could allow attackers to hijack user accounts through malicious SMS messages. What’s the problem? The bug lies in OxygenOS’s built-in SMS handling system. Crafted SMS messages can trick the device into executing unintended actions. Attackers could exploit the flaw to: Bypass authentication. Hijack user accounts tied to phone numbers. Launch phishing or malware campaigns by leveraging the trusted device. This makes it especially dangerous for users who rely on SMS for two-factor authentication (2FA). ...

October 2, 2025 · 1 min · TechLife
Cisco

Cisco Warns of Zero‑Day Vulnerability Actively Exploited in iOS Software

Cisco Warns of Zero‑Day Vulnerability Actively Exploited in iOS Software Cisco has alerted users about a zero-day vulnerability (CVE‑2025‑20352) in its IOS and IOS XE software, which attackers are actively exploiting. What’s the issue? The flaw lies in the SNMP subsystem (Simple Network Management Protocol) and can be triggered via crafted SNMP packets. It’s a stack overflow bug. Severity score: 7.7 / 10 (High) If exploited: Low‑privilege attackers might trigger a Denial of Service (DoS). High‑privilege attackers (with administrative rights) could execute arbitrary code as root, fully compromising the device. Exploitation requires valid SNMP credentials (v1/v2c read-only or SNMPv3 + admin privileges). The vulnerability affects all devices running vulnerable IOS / IOS XE versions, including Meraki MS390 and Cisco Catalyst 9300 switches running Meraki CS 17. Mitigation & Patch Cisco has released a patch. Users are strongly urged to apply it immediately, as active exploitation is already occurring. There is no known full workaround. Cisco recommends using temporary mitigations: Restrict SNMP access (limit which IPs/networks can query). Use strong SNMPv3 credentials. Monitor logs for suspicious SNMP activity. Source: https://www.techradar.com/pro/security/cisco-warns-zero-day-vulnerability-exploited-in-attacks-on-ios-software ...

October 2, 2025 · 1 min · TechLife