Western Digital has released security updates for a critical vulnerability affecting multiple My Cloud network-attached storage (NAS) devices. The flaw, tracked as CVE-2025-30247, could allow a remote attacker to execute arbitrary code on vulnerable systems, potentially leading to a complete device takeover. The company addressed the high-severity issue in My Cloud Firmware version 5.31.108, which […] The post Critical Western Digital My Cloud NAS Devices Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.

Apple has rolled out security updates across its operating systems to address a vulnerability in the Font Parser component that could allow malicious fonts to crash applications or corrupt process memory. The vulnerability, identified as CVE-2025-43400, affects a wide range of products, including the newly released macOS Tahoe and iOS 26, as well as older […] The post Apple Font Parser Vulnerability Enables Malicious Fonts to Crash or Corrupt Process Memory appeared first on Cyber Security News.

VMware has disclosed critical security vulnerabilities in vCenter Server and NSX platforms that could allow attackers to enumerate valid usernames and manipulate system notifications.  The vulnerabilities, tracked as CVE-2025-41250, CVE-2025-41251, and CVE-2025-41252, affect multiple VMware products, including Cloud Foundation, vSphere Foundation, NSX, NSX-T, and Telco Cloud platforms. Broadcom, which acquired VMware, released a security advisory […] The post VMware vCenter and NSX Vulnerabilities Let Attackers Enumerate Valid Usernames appeared first on Cyber Security News.

WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring user interaction. The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is […] The post WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File appeared first on Cyber Security News.

A critical flaw in SUSE Rancher’s user management module allows privileged users to disrupt administrative access by modifying usernames of other accounts.  Tracked as CVE-2024-58260, this vulnerability affects Rancher Manager versions 2.9.0 through 2.12.1, enabling both username takeover and full lockout of the admin account.  Organizations running unsupported versions are urged to upgrade immediately or […] The post SUSE Rancher Vulnerabilities Let Attackers Lockout the Administrators Account appeared first on Cyber Security News.

A critical security flaw discovered in Formbricks, an open-source experience management platform, demonstrates how missing JWT signature verification can lead to complete account takeovers.  The vulnerability tracked as CVE-2025-59934 affects all versions prior to 4.0.1 and stems from improper token validation that uses jwt.decode() instead of jwt.verify(), allowing attackers to bypass authentication controls entirely. The […] The post Formbricks Signature Verification Vulnerability Let Attackers Reset User Passwords Without Authorization appeared first on Cyber Security News.

A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code on a victim’s machine. Tracked as CVE-2025-56383, the flaw exists in version 8.8.3 and potentially affects all installed versions of the software, putting millions of users at risk. The vulnerability enables a local attacker to […] The post Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.

A Google Project Zero researcher has detailed a novel technique for remotely leaking memory addresses on Apple’s macOS and iOS. This method can bypass a key security feature, Address Space Layout Randomization (ASLR), without relying on traditional memory corruption vulnerabilities or timing-based side-channel attacks. The research originated from a 2024 discussion within the Project Zero […] The post Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization appeared first on Cyber Security News.

A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July 2025. Security researchers at Arctic Wolf Labs detected a surge in this activity, which remains ongoing. Threat actors are gaining initial access through malicious SSL VPN logins, successfully bypassing multi-factor authentication (MFA), and then rapidly moving […] The post Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins appeared first on Cyber Security News.