A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […] The post TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes appeared first on Cyber Security News.

Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability […] The post Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox appeared first on Cyber Security News.

The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780, primarily impact recursive resolvers used by organizations for domain name resolution, leaving authoritative […] The post Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial Of Service Attacks appeared first on Cyber Security News.

A critical vulnerability in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers. This issue could have allowed attackers to steal from over 3,000 AI servers and take API keys from thousands of users across many services. MCP powers AI apps by linking them to external tools and data, like local filesystems or remote […] The post Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys appeared first on Cyber Security News.

A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE) through seemingly innocuous prompts. According to Trail of Bits, these vulnerabilities exploit pre-approved system commands designed for efficiency in tasks like file searches and code analysis, highlighting a widespread design […] The post Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code appeared first on Cyber Security News.

China-based threat actors have exploited the critical ToolShell vulnerability in Microsoft SharePoint servers to infiltrate networks across multiple continents, targeting government agencies and critical infrastructure in a suspected espionage campaign. This vulnerability, identified as CVE-2025-53770, enables unauthenticated remote code execution and has been actively used since its disclosure in July 2025, despite Microsoft’s rapid patching […] The post Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies appeared first on Cyber Security News.

Oracle has disclosed two critical vulnerabilities in its E-Business Suite’s Marketing product that could hand full control to remote attackers. Dubbed CVE-2025-53072 and CVE-2025-62481, these flaws affect the Marketing Administration component and carry a perfect storm CVSS score of 9.8, marking them as among the most severe threats disclosed this year. Organizations relying on Oracle’s […] The post Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers appeared first on Cyber Security News.

Security flaws in Microsoft’s Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the “Azure Portal. Varonis found that Azure’s safeguards, designed to block reserved names for cross-tenant apps, could be bypassed using invisible Unicode characters. By inserting characters like the Combining Grapheme Joiner (U+034F) between letters such as “Az͏u͏r͏e͏ ͏P͏o͏r͏t͏a͏l”, […] The post Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams appeared first on Cyber Security News.

The first day of Pwn2Own Ireland 2025 wrapped up with a bang, as security researchers uncovered 34 unique zero-day vulnerabilities across various smart devices. Not a single attempt failed, leading to a total payout of $522,500 in prizes. This event, held in Cork, Ireland, from October 21 to 24, brings together top hackers to test […] The post Hackers Exploited 34 Zero-Day Vulnerabilities And Earned $522,500 In Pwn2Own Ireland 2025 appeared first on Cyber Security News.

Google has swiftly addressed a high-severity flaw in its Chrome browser’s V8 JavaScript engine, releasing an emergency update to thwart potential remote code execution attacks. The vulnerability, tracked as CVE-2025-12036, stems from an inappropriate implementation within V8, the open-source JavaScript and WebAssembly engine powering Chrome’s rendering capabilities. Discovered and reported internally by Google’s AI-driven security […] The post Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.