The critical vulnerabilities affect Chrome’s WebML component and were reported by anonymous researchers.
The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek.
Cybersecurity researchers have identified five critical vulnerabilities in the TP-Link Archer AX53 v1.0 router that could allow attackers to take full control of affected devices.
These flaws pose serious risks, including unauthorized access, data theft, and disruption of network services.
Routers act as the central gateway for internet traffic in homes and small businesses. If compromised, attackers can monitor communications, manipulate network settings, and potentially gain access to connected devices. This makes router vulnerabilities particularly dangerous.
The newly discovered issues affect several core components of the router, including server functions, DNS services, and VPN modules.
Although exploitation requires local network access, the severity of the flaws makes them a high-priority concern.
Two of the most critical flaws are command injection vulnerabilities that allow attackers to execute system-level commands.
Tracked as CVE-2026-30815, one vulnerability impacts the OpenVPN module. It enables an authenticated attacker to inject malicious commands into the system, potentially altering configurations and compromising the device.
Another flaw, CVE-2026-30818, affects the dnsmasq module and carries similar risks. Attackers can execute arbitrary code and manipulate network behavior.
Both vulnerabilities have been assigned a CVSS score of 8.5, indicating high severity. Successful exploitation effectively gives attackers full control over the router and the data passing through it.
Researchers also discovered a stack-based buffer overflow vulnerability, tracked as CVE-2026-30814, in the tmpServer module.
This flaw allows attackers to send specially crafted configuration files that exceed memory limits, causing the router to crash or become unstable.
In more advanced attacks, this issue could be leveraged to execute malicious code on the device.
The vulnerability has a CVSS score of 7.3 and can lead to denial-of-service conditions or deeper system compromise.
In addition to takeover risks, two medium-severity vulnerabilities expose sensitive data stored on the router.
CVE-2026-30816 and CVE-2026-30817 affect the OpenVPN and dnsmasq modules due to improper file access restrictions. These flaws allow attackers with local access to read arbitrary files from the device.
By exploiting these weaknesses, attackers can retrieve configuration data and other sensitive information, potentially aiding further attacks.
These vulnerabilities impact TP-Link Archer AX53 v1.0 routers running firmware versions earlier than 1.7.1 Build 20260213.
While this specific model is not sold in the United States, it is widely used in other regions.
Users are strongly advised to update their router firmware immediately by downloading the latest version from the official TP-Link support website. Applying patches is essential to prevent exploitation.
Failing to update leaves devices exposed to local network attacks, which can escalate into full system compromise and data breaches.
The post Multiple TP-Link Vulnerabilities Allow Attackers to Seize Full Device Control appeared first on Cyber Security News.
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered.
SEO poisoning and malvertising + phishing + AiTM
The group, which Microsoft tracks as Storm-2755, begins by poisoning search engine results and running malicious ads against generic queries like “Office 365”, or even common misspellings like “Office 265.” Victims who click through land on a convincing but fake …
The post Poisoned “Office 365” search results lead to stolen paychecks appeared first on Help Net Security.
Most UK business leaders will keep AI at the top of their spending priorities, with 65 percent planning to maintain investment whether they see immediate measurable returns or not.…