Critical Cisco Wireless LAN Controllers exploit details go public

Published: June 3, 2025 Summary: A serious vulnerability (CVE‑2025‑20188, CVSS 10.0) has been published publicly, affecting Cisco Wireless LAN Controllers (WLCs) running IOS XE. Attackers can exploit a hard‑coded JWT secret to bypass authentication, allowing arbitrary file uploads and potential remote code execution. All Cisco customers using the affected WLC platforms should immediately apply the […]

Threat Modeling the Wireless Airspace in 2025

“Any Wi-Fi Attack Can Now Be a Remote Attack” By the AirEye Research TeamInspired by Mathy Vanhoef’s insights 1. Objective Wireless threats are no longer bound to physical proximity. Pre-auth vulnerabilities, beacon spoofing, and rogue access points can now be exploited remotely — even globally — thanks to cloud relays, malicious proxies, and antenna-for-hire models. […]

New Vulnerability Allows for Next Generation Rogue Access Point

By Uriya Elkayam – As part of our research, we found a vulnerability by-design in the Wi-Fi protocol that under OWE mode exposes Hidden Networks. This means that a hidden wireless network name is open to all, not just to a device attempting to access a pre-known hidden network.