QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland
Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek.
Taiwan-based QNAP Systems over the weekend rolled out patches for two dozen vulnerabilities across its product portfolio, including seven flaws demonstrated at the Pwn2Own Ireland 2025 hacking competition.
Two of the issues, tracked as CVE-2025-62840 and CVE-2025-62842, were demonstrated by Team DDOS. On the first day of the contest, the team earned a $100,000 reward for an exploit that chained a total of eight flaws impacting QNAP routers and NAS devices.
QNAP released HBS 3 Hybrid Backup Sync version 26.2.0.938 to resolve the bugs. The vendor recommends that, after updating, users change all their passwords.
Source: https://www.securityweek.com/qnap-patches-vulnerabilities-exploited-at-pwn2own-ireland/
Related breach coverage
- Orthanc DICOM Vulnerabilities Lead to Crashes, RCE2026-04-10
Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks. The post Orthanc DICOM Vulnerabilities Lead to Crashes, RCE appeared first on SecurityWeek.
- Cisco Patches Critical and High-Severity Vulnerabilities2026-04-02
The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. The post Cisco Patches Critical and High-Severity Vulnerabilities appeared first on SecurityWeek.
- Cisco Patches Multiple Vulnerabilities in IOS Software2026-03-26
The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. The post Cisco Patches Multiple Vulnerabilities in IOS Software appeared first on SecurityWeek.
- Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster2026-04-21
The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass. The post Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster appeared first on SecurityWeek.