-
Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category. The security flaw stems from an improper […] The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a concerning prompt injection flaw in GitLab Duo that could expose sensitive information from confidentia…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Businesses today are dealing with faster, stealthier email threats that look routine yet unleash aggressively malicious scripts the moment a user engages. This is especially true when the lure arrives as an attachment that resembles a harmless image file. The perception gap is exactly what attackers exploit with SVG phishing, whereby what appears to be […] The post How Attackers Turn SVG Files Into Phishing Lures appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances. This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems. The security issue involves an out-of-bounds write in the device’s operating system, specifically the OS iked process. This means a […] The post CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A vulnerability in OpenAI’s advanced video generation model, Sora 2, that enables the extraction of its hidden system prompt through audio transcripts, raising concerns about the security of multimodal AI systems. This vulnerability, detailed in a blog post by AI security firm Mindgard, demonstrates how creative prompting across text, images, video, and audio can bypass […] The post OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released security updates to fix a serious vulnerability in SQL Server that allows attackers to gain higher system privileges. The flaw, tracked as CVE-2025-59499, was disclosed on November 11, 2025, and affects multiple versions including SQL Server 2016, 2017, 2019, and 2022. This vulnerability stems from improper handling of special characters in SQL […] The post Microsoft SQL Server Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies. Failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities. Under Emergency Directive 25-03, CISA has identified two severe CVEs posing unacceptable risks to federal information systems: CVE-2025-20333, which enables remote […] The post CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered malware campaign is leveraging one of cybercriminals’ most effective lures cryptocurrency to distribute DarkComet RAT. This notorious remote access trojan continues to plague users despite being discontinued by its creator year…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
