-
Of all the vulnerabilities that plague modern applications, Cross-Site Scripting (XSS) is one of the oldest and most persistent. Despite being a known threat for over two decades, XSS continues to appear in everything from legacy systems to new, cloud-native architectures. The Microsoft Security Response Center (MSRC) recently highlighted the enduring nature of this threat, […] The post Microsoft Confirms Over 900 XSS Vulnerabilities Found in IT Services, Ranging from Low Impact to Zero-Click appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain. Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers to perform arbitrary file reads through maliciously crafted prompt templates, effectively exposing sensitive server files without requiring direct system access. Key Takeaways1. CVE-2025-9556, Jinja2 prompt injection enables arbitrary file reads.2. […] The post Critical LangChainGo Vulnerability Let Attackers Access Sensitive Files by Injecting Malicious Prompts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. Tracked as CVE-2025-0164, the flaw stems from improper permission assignment and carries a CVSS 3.1 base score of 2.3 (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Key Takeaways1. CVE-2025-0164 in QRadar SIEM v7.5–7.5.0 UP13 IF01 lets privileged […] The post IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability affecting FlowiseAI’s Flowise platform has been disclosed, revealing a severe authentication bypass flaw that allows attackers to perform complete account takeovers with minimal effort. The vulnerability tracked as CVE-2025-58434 impacts both cloud deployments at cloud.flowiseai.com and self-hosted installations, making it a widespread security concern for organizations using this AI agent-building platform. Key […] The post FlowiseAI Password Reset Token Vulnerability Allows Account Takeover appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly introduced feature in ChatGPT that allows it to connect with personal data applications can be exploited by attackers to exfiltrate private information from a user’s email account. The attack requires only the victim’s email address and leverages a malicious calendar invitation to hijack the AI agent. On Wednesday, OpenAI announced that ChatGPT would […] The post ChatGPT’s New Support for MCP Tools Let Attackers Exfiltrate All Private Details From Email appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A novel speculative execution attack named VMSCAPE allows a malicious virtual machine (VM) to breach its security boundaries and steal sensitive data, like cryptographic keys, directly from its host system. The vulnerability, identified as CVE-2025-40300, affects a wide range of modern processors, including all current generations of AMD Zen (1 through 5) and Intel’s Coffee […] The post New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant vulnerability has been discovered in CoreDNS that could allow attackers to disrupt services by pinning DNS cache entries, effectively creating a denial of service for updates. The flaw, residing in the CoreDNS etcd plugin stems from a critical logic error where an etcd lease ID is misinterpreted as a Time-To-Live (TTL) value, leading […] The post CoreDNS Vulnerability Let Attackers Pin DNS Cache And Deny Service Updates appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant vulnerability has been discovered in Angular’s server-side rendering (SSR) implementation that could allow attackers to access sensitive user data. The flaw, rooted in how Angular handles concurrent requests, could lead to data from one user’s session being leaked to another. The Angular team has released patches for all actively supported versions of the […] The post Angular SSR Vulnerability Lets Attackers Access Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed attack technique enables authenticated users within the popular GitOps tool ArgoCD to exfiltrate powerful Git credentials. The method, discovered by the cybersecurity research group Future Sight, exploits Kubernetes’ internal DNS resolution to intercept credentials in transit, posing a significant risk to organizations relying on the continuous delivery tool. ArgoCD, a leading project […] The post New Attack Technique That Enables Attackers To Exfiltrate Git Credentials In Argocd appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an attacker to escalate privileges, execute code, and tamper with data. The company is urging users to immediately install the latest version of the tool to protect their systems from potential exploitation. The security advisory details three […] The post NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
