Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems. Disclosed on October 14, 2025, as CVE-2025-58718, the vulnerability stems from a use-after-free error, earning an “Important” severity rating. While not yet exploited in the wild, security experts warn that it poses a […] The post Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems. The patch is included in version 141.0.7390.107 for Linux and 141.0.7390.107/.108 for Windows and macOS, which began deploying to the Stable channel this week. Full release notes […] The post Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Fortinet has issued an urgent advisory revealing a critical weakness in its FortiPAM and FortiSwitch Manager products that could allow attackers to sidestep authentication entirely through brute-force methods. Tracked as CVE-2025-49201, the flaw stems from a weak authentication mechanism in the Web Application Delivery (WAD) and Graphical User Interface (GUI) components, classified under CWE-1390. With […] The post FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process appeared first on Cyber Security News.

Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation. With a CVSS v3.1 score of 7.8 […] The post FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands appeared first on Cyber Security News.

Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops. According to Eclypsium, these vulnerabilities expose fundamental flaws in how modern systems trust boot components, potentially enabling persistent malware infections that evade detection. Disclosed recently to Framework, the issues stem from legitimate diagnostic tools that, […] The post UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops appeared first on Cyber Security News.

Pixnapping, a novel class of side-channel attacks targeting Android devices that can covertly extract sensitive screen data, including two-factor authentication (2FA) codes from Google Authenticator in under 30 seconds. This exploit leverages Android’s core APIs and a hardware vulnerability in graphics processing units (GPUs), affecting nearly all modern Android phones without requiring special permissions, researchers […] The post New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds appeared first on Cyber Security News.

Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging customers to apply mitigations while patches remain in development. The announcement comes amid growing scrutiny of enterprise management tools, as attackers increasingly target them for supply chain compromises. Although no […] The post Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution appeared first on Cyber Security News.

A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463 targets the chroot feature in Sudo versions 1.9.14 through 1.9.17, enabling local attackers to escalate privileges to root level with minimal effort. Discovered by security researcher […] The post New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability appeared first on Cyber Security News.