-
Amazon has disclosed a significant security vulnerability in its WorkSpaces client for Linux that could allow unauthorized users to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpaces. The vulnerability, tracked as CVE-2025-12779, affects multiple client versions and poses a direct threat to organizations relying on Amazon’s desktop-as-a-service platform for remote work […] The post Amazon WorkSpaces For Linux Vulnerability Let Attackers Extract Valid Authentication Token appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has patched a critical vulnerability in its App for Windows that could allow local attackers to execute arbitrary code and escalate privileges on affected systems. Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant security risk to Windows users running the application. The vulnerability stems from a search path […] The post NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces unexpected system restarts. The vulnerability stems from a logic error in […] The post Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical remote code execution (RCE) flaw in three official extensions for Anthropic’s Claude Desktop. These vulnerabilities, affecting the Chrome, iMessage, and Apple Notes connectors, stem from unsanitized command injection and carry a high severity score of CVSS 8.9. Published and promoted directly by Anthropic at the top of their extension marketplace, the flaws could […] The post Critical RCE Vulnerabilities in Claude Desktop Let Attackers Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed multiple critical vulnerabilities in Unified Contact Center Express (CCX) that allow unauthenticated remote attackers to execute malicious code and escalate privileges. The vulnerabilities affect the Java Remote Method Invocation (RMI) process and authentication mechanisms, potentially compromising entire contact center deployments. RCE and Authentication Bypass Vulnerability The primary vulnerability, CVE-2025-20354, has a critical […] The post Cisco Unified Contact Center Express Vulnerabilities Let Remote Attacker Execute Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Django, one of the most popular Python web development frameworks, has disclosed two critical security vulnerabilities that could allow attackers to execute SQL injection attacks and launch denial-of-service attacks. The vulnerabilities, identified as CVE-2025-64458 and CVE-2025-64459, affect core components of the framework and require immediate attention from developers using Django in their applications. The more […] The post Multiple Django Vulnerabilities Enable SQL injection and DoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has confirmed that threat actors are actively exploiting a critical remote code execution (RCE) flaw in its Secure Firewall Adaptive Security Appliance (ASA) and Threat Defense (FTD) software. First disclosed on September 25, 2025, the vulnerability tracked as CVE-2025-20333 poses a severe risk to organizations relying on these firewalls for VPN access. With a […] The post Cisco Warns of Hackers Actively Exploiting ASA and FTD 0-day RCE Vulnerability in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency has issued a critical warning regarding a newly identified vulnerability affecting Gladinet CentreStack and Triofox platforms. The flaw, tracked as CVE-2025-11371, exposes sensitive system files and directories to unauthorized external access, potentially compromising organizations relying on these file-sharing solutions for business operations. These files or directories accessible to external […] The post CISA Warns of Gladinet CentreStack and Triofox Files Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out an urgent security patch for its Chrome browser, addressing five vulnerabilities that could enable attackers to execute malicious code remotely. The update, version 142.0.7444.134/.135 for Windows, 142.0.7444.135 for macOS, and 142.0.7444.134 for Linux, targets critical flaws in core components like WebGPU and the V8 JavaScript engine. The patch arrives amid heightened […] The post Chrome Emergency Update to Patch Multiple Vulnerabilities that Enable Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A privilege escalation flaw in Windows Cloud Files Mini Filter Driver has been discovered, allowing local attackers to bypass file write protections and inject malicious code into system processes. Security researchers have uncovered CVE-2025-55680, a high-severity privilege-escalation vulnerability in the Windows Cloud Files Mini Filter Driver. The flaw exists in the Cloud Files Filter (cldsync.sys) […] The post Windows Cloud Files Mini Filter Driver Vulnerability Exploited to Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
