Skip to content
July 10, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Cyber Security
  • QNAP detects a large number of ransomware attacks
  • Cyber Security

QNAP detects a large number of ransomware attacks

Do Son January 10, 2022 2 minutes read
QNAP ransomware attacks
Add Daily CyberSecurity as a preferred source on Google
QNAP, a maker of network-attached storage devices (NAS), has issued an alert saying the company has detected a large number of ransomware attacks. These cyberattacks are not currently blamed on specific or known hacker groups, and the attack methods are quite common, exploiting known vulnerabilities or brute force. According to QNAP, these attackers indiscriminately target any QNAP’s devices exposed on the public Internet. As a security suggestion, QNAP recommends users not expose the NAS to the public network.

“Your NAS is exposed to the Internet and at high risk if there shows ‘The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP’ on the dashboard.”

QNAP is currently unable to confirm the source of the attack, but QNAP said that if the device is compromised, ransomware may be installed to encrypt all user data. The attack methods are divided into brute force attack and exploiting flaws, in which brute force attack is to use scripts and password dictionaries to continuously try to test the passwords used by users.

Attackers target the devices and try to launch an attack using a vulnerability that has already been disclosed. If the user does not update the firmware in time, it may be infected.
For this reason, QNAP recommends that users upgrade the device firmware immediately and disconnect the public network connection. In theory, just disconnecting the public network connection can successfully solve most of the attacks. Of course, the most important thing is to upgrade the system firmware in time.

If your NAS is exposed to the Internet, please follow the instructions below to ensure NAS security:

Step 1: Disable the Port Forwarding function of the router

Go to the management interface of your router, check the Virtual Server, NAT or Port Forwarding settings, and disable the port forwarding setting of NAS management service port (port 8080 and 433 by default).

Step 2: Disable the UPnP function of the QNAP NAS

Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration”, and unselect “Enable UPnP Port forwarding”.

 

  • Securely access your QNAP NAS via the Internet through myQNAPcloud Link:
    https://www.qnap.com/go/solution/myqnapcloud-link/
  • Learn more about NAS remote access and network security:
    https://www.qnap.com/go/solution/secure-remote-access/

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Hacker group threatens to expose Nvidia driver and firmware data
  • Cybercriminals Target Gamers with Browser-in-the-Browser Phishing Attacks
  • Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses
  • Hamas-Linked SysJoker Backdoor: A Persistent Threat’s New Dangerous Facade
  • Greatness: A Sophisticated New Phishing-as-a-Service Revealed

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: QNAP ransomware attacks

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-61459CVSS 9.8
    MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured...
  • CVE-2026-2397CVSS 9.8
    Improper neutralization of special elements used in an SQL command ('SQL injection')...
  • CVE-2026-5801CVSS 9.8
    Improper neutralization of special elements used in an SQL command ('SQL injection')...
  • CVE-2026-59151CVSS 9.6
    Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication...
  • CVE-2026-55500CVSS 9.9
    9Router is an AI router & token saver. Prior to 0.4.80, the...
  • CVE-2026-15143CVSS 9.3
    A flaw was found in the file_type content detector of guardrails-detectors. This...
  • CVE-2026-59792CVSS 9.6
    In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal...
  • CVE-2026-61444CVSS 9.1
    PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where...
  • CVE-2026-56765CVSS 9.8
    Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes...
  • CVE-2026-56688CVSS 9.1
    Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.