-
A serious vulnerability in the Red Hat OpenShift AI service (RHOAI) enables attackers with minimal access to escalate privileges and take control of entire clusters. Identified as CVE-2025-10725, the flaw resides in an overly permissive ClusterRole ass…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about critical vulnerabilities in Cisco’s IOS and IOS XE Software SNMP subsystem that are actively being exploited by threat actors. CVE-2025-20352, which involves a stack…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Research has uncovered three significant vulnerabilities in Google’s Gemini AI assistant suite, dubbed the “Gemini Trifecta,” that could have allowed cybercriminals to steal users’ saved data and live location information. The v…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Three new vulnerabilities in Google’s Gemini AI assistant suite could have allowed attackers to exfiltrate users’ saved information and location data. The vulnerabilities uncovered by Tenable, dubbed the “Gemini Trifecta,” highlight how AI systems can be turned into attack vehicles, not just targets. The research exposed significant privacy risks across different components of the Gemini […] The post Google Gemini Vulnerabilities Let Attackers Exfiltrate User’s Saved Data and Location appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Organizations using VMware hypervisors face an urgent threat as a local privilege escalation zero-day, tracked as CVE-2025-41244, is under active exploitation in the wild. Both VMware Tools and VMware Aria Operations’ Service Discovery Management Pack …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Broadcom released VMSA-2025-0016 to address three key vulnerabilities affecting VMware vCenter Server and NSX products. The vulnerabilities include an SMTP header injection in vCenter (CVE-2025-41250) and two distinct username enumeration flaws in NSX …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system. This issue underscores the persistent risk in web-based file transfer applications. Path Traversal Vulnerability (CVE-2025-34508) ZendTo is a PHP-driven dropoff or pickup […] The post ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In January 2025, Supermicro released patches addressing critical vulnerabilities in its Baseboard Management Controller (BMC) firmware validation logic. Despite these updates, subsequent research has uncovered bypass techniques that undermine signature…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released an urgent security update for its Chrome browser, addressing three high-severity vulnerabilities that could allow attackers to leak sensitive information and cause system instability. The latest Chrome version 140.0.7339.207/.208 fo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated Russian botnet operation that leveraged DNS misconfigurations and compromised MikroTik routers to deliver malware through massive spam campaigns. The discovery reveals how threat actors exploited…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
