-
CISA has issued a critical alert regarding a severe vulnerability in Motex LANSCOPE Endpoint Manager, a popular tool for managing IT assets across networks. Classified as an improper verification of the source of a communication channel, this flaw allows attackers to execute arbitrary code simply by sending specially crafted packets. The vulnerability, tracked under CVE-2025-61932, […] The post CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Exploited in Attacks appeared first on Cyber Security News.
-
Atlassian has disclosed a high-severity path traversal vulnerability in Jira Software Data Center and Server that enables authenticated attackers to arbitrarily write files to any path accessible by the Java Virtual Machine (JVM) process. This flaw, tracked as CVE-2025-22167 with a CVSS score of 8.7, affects versions from 9.12.0 through 11.0.1 and was internally discovered, […] The post Jira Software Vulnerability Let Attacker Modify Any Filesystem Path Writable By JVM process appeared first on Cyber Security News.
-
A severe vulnerability affects the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […] The post TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes appeared first on Cyber Security News.
-
Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability […] The post Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox appeared first on Cyber Security News.
-
The Internet Systems Consortium (ISC) disclosed three high-severity vulnerabilities in BIND 9 on October 22, 2025, potentially allowing remote attackers to conduct cache poisoning attacks or cause denial-of-service (DoS) conditions on affected DNS resolvers. These flaws, tracked as CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780, primarily impact recursive resolvers used by organizations for domain name resolution, leaving authoritative […] The post Multiple BIND 9 DNS Vulnerabilities Enable Cache Poisoning and Denial Of Service Attacks appeared first on Cyber Security News.
-
A critical vulnerability has been identified in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers. This issue could have allowed attackers to steal from over 3,000 AI servers and take API keys from thousands of users across many services. MCP powers AI apps by linking them to external tools and data, like local filesystems or remote […] The post Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys appeared first on Cyber Security News.
-
A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE) through seemingly innocuous prompts. According to Trail of Bits, these vulnerabilities exploit pre-approved system commands designed for efficiency in tasks like file searches and code analysis, highlighting a widespread design […] The post Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code appeared first on Cyber Security News.
-
China-based threat actors have exploited the critical ToolShell vulnerability in Microsoft SharePoint servers to infiltrate networks across multiple continents, targeting government agencies and critical infrastructure in a suspected espionage campaign. This vulnerability, identified as CVE-2025-53770, enables unauthenticated remote code execution and has been actively used since its disclosure in July 2025, despite Microsoft’s rapid patching […] The post Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies appeared first on Cyber Security News.
-
Oracle has disclosed two critical vulnerabilities in its E-Business Suite’s Marketing product that could hand full control to remote attackers. Tracked as CVE-2025-53072 and CVE-2025-62481, these flaws affect the Marketing Administration component and carry a CVSS score of 9.8, marking them as among the most severe threats disclosed this year. Organizations relying on Oracle’s […] The post Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers appeared first on Cyber Security News.
-
Security flaws in Microsoft’s Azure ecosystem enable cybercriminals to create deceptive applications that imitate official services like the “Azure Portal.” Varonis found that Azure’s safeguards, designed to block reserved names for cross-tenant apps, could be bypassed using invisible Unicode characters. By inserting characters like the Combining Grapheme Joiner (U+034F) between letters such as “Az͏u͏r͏e͏ ͏P͏o͏r͏t͏a͏l”, […] The post Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams appeared first on Cyber Security News.


