-
A remote code execution vulnerability has been discovered in the Cursor AI Code Editor, enabling a malicious code repository to run code on a user’s machine upon opening automatically. The research team at Oasis Security uncovered the flaw, which bypasses typical user consent prompts by exploiting a default configuration setting in the popular editor. According […] The post Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released urgent security patches for its Community (CE) and Enterprise (EE) editions, addressing multiple vulnerabilities, including two high-severity flaws that could lead to Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks. The company is strongly advising all administrators of self-managed GitLab installations to upgrade immediately to the newly released versions: 18.3.2, […] The post GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been found in the Google Drive Desktop application for Windows. It allows a logged-in user on a shared machine to access another user’s Drive files completely without needing their credentials. This vulnerability stems from a broken access control mechanism in how the application handles cached data. While Google Drive is widely […] The post Google Drive Desktop for Windows Vulnerability Grants Full Access to Another User’s Drive appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on affected systems. The flaws, tracked as CVE-2025-54910 and CVE-2025-54906, were disclosed on September 9, 2025, and affect various versions of the popular productivity suite. While Microsoft has assessed exploitation as “less likely” for both vulnerabilities […] The post Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature. The flaws, tracked as CVE-2025-54911 and CVE-2025-54912, were disclosed on September 9, 2025, and carry an “Important” severity rating. Both vulnerabilities could allow an authorized attacker to gain full SYSTEM privileges on a compromised machine, bypassing the security layers that […] The post Windows BitLocker Vulnerability Let Attackers Elevate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability CVE-2025-42922 has been discovered in SAP NetWeaver that allows an authenticated, low-privileged attacker to execute arbitrary code and achieve a full system compromise. The flaw resides in the Deploy Web Service upload mechanism, where insufficient access control validation permits the upload and execution of malicious files. This vulnerability poses a significant risk […] The post Critical SAP NetWeaver Vulnerability Let Attackers Execute Arbitrary Code And Compromise System appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has issued an urgent security update for the Chrome browser on Windows, Mac, and Linux, addressing a critical vulnerability that could allow attackers to execute arbitrary code remotely. Users are strongly advised to update their browsers immediately to protect against potential threats. The Stable channel has been updated to version 140.0.7339.127/.128 for Windows, 140.0.7339.132/.133 […] The post Chrome Security Update Patches Critical Remote Code Execution Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the flaw is an OS command injection vulnerability residing within the product’s command-line interface (CLI). The vulnerability, identified as CWE-78, stems from an improper neutralization of special elements used in an […] The post FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow remote code execution. The vulnerabilities, tracked as CVE-2025-9712 and CVE-2025-9872, affect multiple versions of the product. The company has stated that it is not aware of any active exploitation of these flaws in the wild at […] The post Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows and macOS. The patches cover one high-severity flaw and several medium-severity issues, prompting a strong recommendation for users to update their applications immediately to safeguard against potential exploits. The most significant vulnerability fixed in this update […] The post Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
