-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark advisory highlighting two severe vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System, a critical tool used in fuel storage and management across the energy sector. These flaws, if exploited, could enable attackers to run arbitrary system-level commands on affected devices, potentially leading to […] The post CISA Warns Of Critical Veeder-Root Vulnerabilities Let Attackers Execute System-level Commands appeared first on Cyber Security News.
-
A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines. The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants. The issue stems from inadequate sanitization of the --dns and --dhcp-option […] The post OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks appeared first on Cyber Security News.
-
The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications. On October 27, 2025, Apache disclosed two vulnerabilities, CVE-2025-55752 and CVE-2025-55754, affecting multiple versions of Tomcat. While the first poses a risk of remote code execution (RCE) under specific configurations, the second […] The post Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks appeared first on Cyber Security News.
-
Ubiquiti’s UniFi Access application has been found vulnerable to a critical flaw that leaves its management API exposed without authentication. Discovered by Catchify Security, this issue allows malicious actors on the management network to potentially take full control of door access systems, raising alarms for organizations relying on the platform for physical security. The vulnerability […] The post Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication appeared first on Cyber Security News.
-
A critical vulnerability in OpenAI’s newly launched ChatGPT Atlas browser enables attackers to inject malicious instructions into ChatGPT’s memory and execute remote code on user systems. This flaw, uncovered by LayerX, exploits Cross-Site Request Forgery (CSRF) to hijack authenticated sessions, potentially infecting devices with malware or granting unauthorized access. The discovery highlights escalating risks in […] The post OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT appeared first on Cyber Security News.
-
The notorious Mem3nt0 mori hacker group has been actively exploiting a zero-day vulnerability in Google Chrome, compromising high-profile targets across Russia and Belarus. Dubbed CVE-2025-2783, this flaw allowed attackers to bypass Chrome’s robust sandbox protections with minimal user interaction, leading to the deployment of sophisticated spyware. Discovered by Kaspersky researchers in March 2025, Google swiftly […] The post Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group appeared first on Cyber Security News.
-
HashiCorp has disclosed two critical vulnerabilities in its Vault software that could allow attackers to bypass authentication controls and launch denial-of-service (DoS) attacks. Published on October 23, 2025, these flaws affect both Vault Community Edition and Vault Enterprise, prompting urgent recommendations for upgrades. The issues, tracked as CVE-2025-12044 and CVE-2025-11621, stem from misconfigurations in resource […] The post HashiCorp Vault Vulnerabilities Let Attack Bypass Authentication And Trigger DoS Attack appeared first on Cyber Security News.
-
Dell Technologies has disclosed three critical vulnerabilities in its Storage Manager software that could allow attackers to bypass authentication, disclose sensitive information, and gain unauthorized access to systems. Announced on October 24, 2025, these flaws affect versions of Dell Storage Manager up to 20.1.21 and pose significant risks to organizations relying on the tool for […] The post Critical Dell Storage Manager Vulnerabilities Let Attackers Compromise System appeared first on Cyber Security News.
-
A new tool called EDR-Redir has emerged, allowing attackers to redirect or isolate the executable folders of popular Endpoint Detection and Response (EDR) solutions. Demonstrated by cybersecurity researcher TwoSevenOneT, the technique leverages Windows’ Bind Filter driver (bindflt.sys) and Cloud Filter driver (cldflt.sys) to undermine EDR protections without requiring kernel-level access. This user-mode exploit, rooted in […] The post New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver appeared first on Cyber Security News.
-
A high-severity vulnerability in BIND 9 resolvers has been disclosed, potentially allowing attackers to poison caches and redirect internet traffic to malicious sites. Tracked as CVE-2025-40778, the flaw affects over 706,000 exposed instances worldwide, as identified by internet scanning firm Censys. Assigned a CVSS score of 8.6, this issue stems from BIND’s overly permissive handling […] The post 706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released appeared first on Cyber Security News.


