-
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Amazon Web Services experienced a significant service disruption in its US-EAST-1 region that lasted nearly 24 hours, affecting over 140 services and causing widespread issues for customers worldwide. The outage began late on October 19, 2025, and was …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading of configs even during the two-factor authentication (2FA) process. Disclosed on August 14, 2025, the […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf—also tracked as YoroTrooper and Silent Lynx—executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, an…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP request/response smuggling. Released on October 14, 2025, this flaw affects developers relying on the popular […] The post Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting the npm ecosystem, where threat actors distributed the AdaptixC2 post-exploitation framework through a malicious package disguised as a legitimate proxy…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle E-Business Suite vulnerability to its Known Exploited Vulnerabilities catalog after detecting active exploitation in the wild. The security flaw, tracked as CVE-202…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Pakistan-based advanced persistent threat group APT36, also known as TransparentTribe, is actively targeting Indian government entities with a sophisticated spear-phishing campaign using email lures themed as “NIC eEmail Services.” This campaign levera…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows Server Message Block (SMB) vulnerability to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting the security …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. Aft…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
