-
A high-severity vulnerability in BIND 9 resolvers has been disclosed, potentially allowing attackers to poison caches and redirect internet traffic to malicious sites. Tracked as CVE-2025-40778, the flaw affects over 706,000 exposed instances worldwide, as identified by internet scanning firm Censys. Assigned a CVSS score of 8.6, this issue stems from BIND’s overly permissive handling […] The post 706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released appeared first on Cyber Security News.
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code with system-level privileges over a network, potentially […] The post CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild appeared first on Cyber Security News.
-
A significant vulnerability in OpenAI’s newly released ChatGPT Atlas browser reveals that it stores unencrypted OAuth tokens in a SQLite database with overly permissive file settings on macOS, potentially allowing unauthorized access to user accounts. This flaw, discovered by Pete Johnson just days after the browser’s October 21, 2025, launch, bypasses standard encryption practices used […] The post ChatGPT Atlas Stores OAuth Tokens Unencrypted Leads to Unauthorized Access to User Accounts appeared first on Cyber Security News.
-
The hacking community celebrated the end of Pwn2Own Ireland 2025. Researchers demonstrated their skills by identifying 73 unique zero-day vulnerabilities across different devices. The event, hosted by the Zero Day Initiative (ZDI), distributed a staggering $1,024,750 in prizes, highlighting the growing sophistication of cybersecurity threats and defenses. Over three days, 56 bugs were rewarded before […] The post Hackers Exploited 73 0-Day Vulnerabilities and Earned $1,024,750 appeared first on Cyber Security News.
-
Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network. The patch, released on October 23, […] The post Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability appeared first on Cyber Security News.
-
The HP OneAgent software update has disconnected Windows devices from Microsoft Entra ID. As a result, users can no longer access their corporate identities. Version 1.2.50.9581 of the agent, pushed silently to HP’s Next Gen AI systems like the EliteBook X Flip G1i, deleted critical certificates, causing devices to drop their Entra join status overnight. […] The post HP OneAgent Update Brokes Trust And Disconnect Devices From Entra ID appeared first on Cyber Security News.
-
At Pwn2Own Ireland 2025, cybersecurity researchers Ben R. and Georgi G. from Interrupt Labs showcased an impressive achievement by successfully exploiting a zero-day vulnerability in the Samsung Galaxy S25. This allowed them to gain full control over the device, enabling them to activate the camera and track the user’s location. The exploit, revealed on the […] The post Hackers Exploited Samsung Galaxy S25 0-Day Vulnerability to Enable Camera and Track Location appeared first on Cyber Security News.
-
A new vulnerability in Perplexity’s Comet AI browser allows attackers to inject malicious prompts through seemingly innocuous screenshots. Disclosed on October 21, 2025, this flaw builds on earlier concerns about prompt injection in agentic browsers, AI-powered tools that act on users’ behalf. The discovery highlights ongoing risks in these emerging technologies, where hidden instructions can […] The post Perplexity’s Comet Browser Screenshot Feature Vulnerability Let Attackers Inject Malicious Prompts appeared first on Cyber Security News.
-
Hackers have begun actively targeting a critical remote code execution flaw in Adobe’s Magento e-commerce platform, putting thousands of online stores at immediate risk just six weeks after Adobe issued an emergency patch. Known as SessionReaper and tracked as CVE-2025-54236, the vulnerability allows unauthenticated attackers to hijack customer sessions and potentially execute arbitrary code, leading […] The post Hackers Exploiting Adobe Magento RCE Vulnerability Exploited in the Wild – 3 in 5 Stores Vulnerable appeared first on Cyber Security News.
-
CISA has issued a critical alert regarding a severe vulnerability in Motex LANSCOPE Endpoint Manager, a popular tool for managing IT assets across networks. Dubbed an improper verification of the source of a communication channel flaw, this issue allows attackers to execute arbitrary code simply by sending specially crafted packets. The vulnerability, tracked under CVE-2025-61932, […] The post CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Exploited in Attacks appeared first on Cyber Security News.


