Two IP cameras sold by Loftek and VStartcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request forgery attacks.
Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers.