-
A path traversal vulnerability discovered in Docker Compose allows attackers to write arbitrary files to host systems through specially crafted OCI artifacts. Tracked as CVE-2025-62725, the flaw was discovered in early October 2025 and carries a high s…
-
Tata Motors, India’s largest automaker and a major player in the global automotive industry, suffered a catastrophic data exposure that revealed over 70 terabytes of sensitive information through multiple security failures. The breaches, discover…
-
CISA has added two critical vulnerabilities affecting Dassault Systèmes DELMIA Apriso to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting these security flaws in real-world attacks. The alert, issued on October 28, 2025, requires federal agencies to implement mitigations by November 18, 2025, while urging all organizations using the affected software […] The post CISA Warns of Dassault Systèmes Vulnerabilities Actively Exploited in Attacks appeared first on Cyber Security News.
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding two severe vulnerabilities discovered in Dassault Systèmes DELMIA Apriso, a widely used manufacturing execution system. The agency has added thes…
-
A threat actor has claimed responsibility for breaching HSBC USA, alleging possession of a vast database containing sensitive customer personally identifiable information (PII) and financial details. The hacker posted screenshots and data samples on a dark web leak forum, asserting the breach involved coordinated efforts to extract records from the bank’s systems. This incident, reported […] The post Hackers Allegedly Claim Breach Of HSBC USA Customers’ Records Including Financial Details appeared first on Cyber Security News.
-
A sophisticated supply chain attack involving ten malicious npm packages that execute automatically upon installation and deploy a comprehensive credential theft operation. The malware uses advanced obfuscation techniques, social engineering tactics, a…
-
A vulnerability in Google Messages on Wear OS devices allows any installed app to silently send SMS, MMS, or RCS messages on behalf of the user. Tracked as CVE-2025-12080, the issue stems from improper handling of ACTION_SENDTO intents using URI schemes like sms:, smsto:, mms:, and mmsto:. This misconfiguration bypasses user confirmation and permission checks, enabling […] The post Google Wear OS Message App Vulnerability Let Any Installed App To Send SMS Behalf Of User appeared first on Cyber Security News.
-
The Beast ransomware group has emerged as a significant threat in the cybersecurity landscape, evolving from the Monster ransomware strain to establish itself as a formidable Ransomware-as-a-Service operation. Officially launched in February 2025, the group rapidly expanded their infrastructure by deploying a Tor-based data leak site in July, solidifying their presence in the underground ransomware […] The post New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network appeared first on Cyber Security News.
-
A sophisticated ransomware operation known as Beast has emerged as a significant cybersecurity threat, employing aggressive network propagation tactics that leverage Server Message Block (SMB) port scanning to infiltrate and encrypt systems across ente…
-
A critical vulnerability has been found in Magento, the popular e-commerce platform now rebranded as Adobe Commerce. Dubbed SessionReaper and tracked as CVE-2025-54236, this improper input validation flaw allows attackers to hijack user sessions and, in some cases, execute malicious code remotely. The discovery highlights the ongoing risks to online retailers, with over 250 Magento stores reportedly […] The post Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Codes appeared first on Cyber Security News.


