A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available.  CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects […] The post PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability appeared first on Cyber Security News.

Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform.  The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […] The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated exploitation effort.  On 28 September, security researchers at GreyNoise detected a sudden spike in attempts to exploit CVE-2021-43798, a path traversal flaw that permits arbitrary file reads on unpatched instances.  Over the course of a single day, […] The post Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads appeared first on Cyber Security News.

A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently. The vulnerability, detailed in security advisory DSA-2025-005 released on October 2, 2025, is classified as […] The post DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.

Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code. The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that pose significant risks to user security. The most severe vulnerability addressed is CVE-2025-11205, a heap […] The post Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser appeared first on Cyber Security News.

A new ransomware strain, dubbed FunkLocker, is leveraging artificial intelligence to expedite its development, while relying on the abuse of legitimate Windows utilities to disable security defenses and disrupt systems. The ransomware, attributed to a group known as FunkSec, highlights a growing trend of threat actors using AI to piece together malware with varying degrees […] The post AI-Powered FunkLocker Ransomware Leverages Windows utilities to Disable Defenses appeared first on Cyber Security News.

Red Hat published security advisory CVE-2025-10725, detailing an Important severity flaw in the OpenShift AI Service that could enable low-privileged attackers to elevate their permissions to full cluster administrator and compromise the entire platform.  With a CVSS v3 base score of 9.9, this vulnerability poses a critical risk for organizations leveraging Red Hat OpenShift AI […] The post Red Hat Openshift AI Service Vulnerability Allow Attackers to Take Control of the Infrastructure appeared first on Cyber Security News.