Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit.  This breakthrough significantly compresses the traditional “grace period” that defenders typically rely on to patch vulnerabilities before working exploits become available. The research, conducted by security experts Efi Weiss and […] The post AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes appeared first on Cyber Security News.

A critical vulnerability in OpenAI’s latest flagship model, ChatGPT-5, allows attackers to sidestep its advanced safety features using simple phrases. The flaw, dubbed “PROMISQROUTE” by researchers at Adversa AI, exploits the cost-saving architecture that major AI vendors use to manage the immense computational expense of their services. The vulnerability stems from an industry practice that […] The post ChatGPT-5 Downgrade Attack Let Hackers Bypass AI Security With Just a Few Words appeared first on Cyber Security News.

Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems.  The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution […] The post Mozilla High Severity Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.

A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks.  The vulnerability, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” affects the second most widely used QUIC implementation globally, potentially impacting over 34% of HTTP/3-enabled websites that rely on LiteSpeed technologies. Key Takeaways1. CVE-2025-54939 allows remote DoS via […] The post New QUIC-LEAK Vulnerability Let Attackers Exhaust Server Memory and Trigger DoS Attack appeared first on Cyber Security News.

A series of critical vulnerabilities across multiple internal Intel websites allowed for the complete exfiltration of the company’s global employee database and access to confidential supplier information. The flaws, stemming from basic security oversights, exposed the personal details of over 270,000 Intel employees and workers. The investigation from Eaton Works revealed that at least four […] The post Intel Websites Exploited to Hack Every Intel Employee and View Confidential Data appeared first on Cyber Security News.

A critical vulnerability in the Linux kernel’s netfilter ipset subsystem has been discovered that allows local attackers to escalate privileges to root-level access.  The flaw, identified in the bitmap:ip implementation within the ipset framework, stems from insufficient range validation when processing CIDR notation in IP address ranges.  This missing bounds check enables attackers to trigger […] The post Linux Kernel Netfilter Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Over 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are vulnerable to two newly disclosed zero-day vulnerabilities – CVE-2025-8875 and CVE-2025-8876.  As of August 15, 2025, exactly 1,077 unique IPs have been identified as running outdated N-central versions, presenting a significant risk to managed service providers (MSPs) and their clients.  These […] The post 1000+ Exposed N-able N-central RMM Servers Unpatched for 0-Day Vulnerabilities appeared first on Cyber Security News.