WhatsApp Desktop users who have Python installed on their Windows PCs are at risk of arbitrary code execution due to a flaw in how the application handles Python archive files.  A maliciously crafted .pyz file can be executed with a single click, granting attackers full control over the victim’s system. Meta has yet to classify this […] The post WhatsApp Desktop Users At Risk of Code Execution Attacks with Python on Windows PCs appeared first on Cyber Security News.

Google has disclosed a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome, tracked as CVE-2025-5419.  Before a patch could be rolled out to all users, proof-of-concept (PoC) exploit code had been published, and active exploitation had been observed in targeted campaigns.  Key Takeaways1. CVE-2025-5419 lets attackers exploit V8 OOB read/write for remote […] The post PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.

CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to its Known Exploited Vulnerabilities (KEV) Catalog, signaling immediate concern for federal agencies and private organizations alike. Key Takeaways1. CISA added two Citrix Session Recording […] The post CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction.  The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations. Key Takeaways1. Predictable JWT […] The post 0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets appeared first on Cyber Security News.

A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems.  The Italian CRM solution, utilized by numerous small and medium enterprises across Italy, faces significant security exposure despite attempted […] The post Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes appeared first on Cyber Security News.

CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting.  The vulnerability, tracked as CVE-2025-43300, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling immediate action is required from organizations and individual users to protect their systems from […] The post CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise.  CVE-2025-9074, discovered by Felix Boulet and reported on August 21, 2025, affects all Docker Desktop versions prior to 4.44.3 and demonstrates how container isolation can be completely bypassed through […] The post Windows Docker Desktop Vulnerability Leads to Full Host Compromise appeared first on Cyber Security News.