The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys.  These flaws affect multiple OpenSSL versions across different platforms and could lead to memory corruption, denial of service attacks, and unauthorized access to sensitive cryptographic materials. The most […] The post OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely appeared first on Cyber Security News.

CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently being exploited in the wild.  This flaw allows local adversaries to bypass access controls and execute arbitrary commands as the root user, even without explicit sudoers privileges. Sudo Chroot Bypass (CVE-2025-32463) Identified as “Inclusion […] The post CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

A security vulnerability in Tesla’s Telematics Control Unit (TCU) allowed attackers with physical access to bypass security measures and gain full root-level code execution. The flaw stemmed from an incomplete lockdown of the Android Debug Bridge (ADB) on an external Micro USB port, enabling a physically present attacker to compromise the vehicle’s TCU. Tesla has […] The post Tesla’s Telematics Control Unit Vulnerability Let Attackers Gain Code Execution as Root appeared first on Cyber Security News.

VMware has released an advisory to address three high-severity vulnerabilities in VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure.  Disclosed on 29 September 2025, the advisory covers CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246 with CVSSv3 base scores ranging from 4.9 to 7.8.  Administrators must apply the patched versions […] The post VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root appeared first on Cyber Security News.

Western Digital has released security updates for a critical vulnerability affecting multiple My Cloud network-attached storage (NAS) devices. The flaw, tracked as CVE-2025-30247, could allow a remote attacker to execute arbitrary code on vulnerable systems, potentially leading to a complete device takeover. The company addressed the high-severity issue in My Cloud Firmware version 5.31.108, which […] The post Critical Western Digital My Cloud NAS Devices Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.

Apple has rolled out security updates across its operating systems to address a vulnerability in the Font Parser component that could allow malicious fonts to crash applications or corrupt process memory. The vulnerability, identified as CVE-2025-43400, affects a wide range of products, including the newly released macOS Tahoe and iOS 26, as well as older […] The post Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory appeared first on Cyber Security News.

VMware has disclosed critical security vulnerabilities in vCenter Server and NSX platforms that could allow attackers to enumerate valid usernames and manipulate system notifications.  The vulnerabilities, tracked as CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, affect multiple VMware products, including Cloud Foundation, vSphere Foundation, NSX, NSX-T, and Telco Cloud platforms. Broadcom, which acquired VMware, released a security advisory […] The post VMware vCenter and NSX Vulnerabilities Let Attackers Enumerate Valid Usernames appeared first on Cyber Security News.