All CosmicBytez Labs articles tagged #Network Security, across news, security advisories, how-to guides, and projects.
A stack-based buffer overflow flaw in HP OfficeConnect VoIP phones can be exploited remotely to achieve code execution, potentially allowing attackers to pivot into enterprise networks from compromised desk phones.
Ubiquiti has released security updates fixing three CVSS 10.0 vulnerabilities in UniFi OS that allow unauthenticated remote attackers to fully compromise...
A newly disclosed vulnerability dubbed 'Underminr' affects approximately 88 million domains and enables attackers to bypass DNS filtering tools while...
A CVSS 9.1 command injection vulnerability in UniFi OS devices allows a network-adjacent attacker with high privileges to execute arbitrary commands on...
A CVSS 10.0 improper access control flaw in UniFi OS allows any network-accessible attacker to make unauthorized changes to the underlying system with no...
A CVSS 10.0 path traversal vulnerability in UniFi OS allows an unauthenticated network attacker to read arbitrary files, including sensitive account files...
A CVSS 10.0 command injection vulnerability in UniFi OS allows any network-accessible attacker with no credentials to execute arbitrary OS commands,...
Threat actors brute-forced credentials and bypassed multi-factor authentication on SonicWall Gen6 SSL-VPN appliances to deploy ransomware tools,...
Deploy Pi-hole v6 as a network-wide DNS sinkhole backed by Unbound as a self-hosted recursive resolver — eliminating ads, trackers, and malware domains...
Cisco has patched a maximum-severity authentication bypass flaw in its Catalyst SD-WAN Controller that has already been exploited in limited attacks....
Cisco has patched CVE-2026-20182, a zero-day in Catalyst SD-WAN Manager that has been actively exploited in targeted attacks by sophisticated threat actor...
The threat group UAT-8616 is actively exploiting a new Cisco SD-WAN zero-day and has been linked to multiple prior Cisco firewall and SD-WAN vulnerability...
Fortinet has released emergency security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to...
A critical unauthenticated OS command injection vulnerability in the Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote attackers to...
Deploy Zeek (formerly Bro) on Linux to passively monitor network traffic, generate structured logs, write detection scripts, and forward data to your SIEM...
Deploy Suricata as a full-featured Network Intrusion Detection and Prevention System on Ubuntu. Covers installation, interface capture, Emerging Threats...
Security researchers at Defused Cyber and watchTowr have detected active reconnaissance targeting CVE-2026-3055, a critical CVSS 9.3 memory overread flaw...
A critical unauthenticated RCE vulnerability in F5 BIG-IP APM is being actively exploited in the wild. Malicious traffic targeting access policy virtual...
Researchers have disclosed a critical unauthenticated remote code execution vulnerability in the GNU InetUtils telnet daemon (telnetd). CVE-2026-32746...
Systematic audit checklist for network infrastructure security — firewall rules, segmentation, VPN configuration, DNS security, wireless security, and...
A maximum-severity authentication bypass in Cisco Catalyst SD-WAN (CVE-2026-20127, CVSS 10.0) has been actively exploited by threat actor UAT-8616 since...
Complete FortiGate hardening guide covering admin access lockdown, firmware management, interface hardening, DNS/NTP security, certificate management,...
Configure IPsec site-to-site VPN between FortiGate firewall and Azure VPN Gateway. Covers IKE configuration, routing, BGP, and high availability.
Configure FortiGate SSL VPN for secure remote user access. Covers portal setup, user authentication, firewall policies, and FortiClient configuration.
Implement network microsegmentation in Kubernetes with Network Policies. Covers default deny, allow rules, namespace isolation, egress policies, and debugging.
Deploy enterprise SD-WAN with FortiGate featuring dual ISP failover, performance SLAs, application steering, and Zero Trust architecture integration.
Deploy a network monitoring stack combining Zeek for protocol analysis and Suricata for intrusion detection, with ELK integration for visualization and...
Learn Python security scripting fundamentals including network scanning, log parsing, hash analysis, API integration, and automated threat detection for...
Deploy Pi-hole for network-wide ad blocking and DNS security. Includes setup, configuration, upstream DNS options, and integration with encrypted DNS.