-
A critical security flaw in Apache Struts could allow attackers to trigger disk exhaustion attacks, rendering affected systems unusable. The vulnerability, tracked as CVE-2025-64775, stems from a file leak in multipart request processing that enables denial-of-service conditions. Apache Struts researcher discovered the vulnerability in Apache Struts’ multipart request processing mechanism. The flaw allows attackers to […] The post Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered three significant vulnerabilities in OpenVPN, one of the world’s most trusted open-source virtual private network (VPN) solutions. The discovered flaws could allow attackers to crash VPN services, bypass essent…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion tech…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under Active Exploitation The two most concerning vulnerabilities being actively […] The post Google Patches Android 0-Day Vulnerabilities Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered information-stealing malware called Arkanix is rapidly evolving to target sensitive user data, including VPN credentials, system information, and wireless network passwords. Security researchers have identified this emerging threat a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated threat group operating under the name ShadyPanda has successfully compromised millions of browser users through a methodical seven-year campaign targeting popular Chrome and Edge extensions. The attack represents a significant breach of user trust, as the malicious extensions gained verified status from both Google and Microsoft, making them appear legitimate to unsuspecting users. […] The post 4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads. The patches, included in the newly released version 2.6.17 and 2.7_rc3, fix issues ranging from logic errors in HMAC verification to stability flaws in the Windows […] The post OpenVPN Vulnerabilities Let Hackers Triggers Dos Attack and Bypass Security Checks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulleti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new security flaw has been found in Apache Struts, a popular open‑source web application framework used by many companies worldwide. The issue, tracked as CVE‑2025‑64775, could allow attackers to fill a server’s disk space, causing it to stop working…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Market…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
