A severe vulnerability in the Linux kernel’s ksmbd SMB server implementation has been disclosed, potentially allowing authenticated remote attackers to execute arbitrary code on affected systems.  The vulnerability, tracked as CVE-2025-38561 and assigned a CVSS score of 8.5, represents a significant security risk for Linux systems utilizing the kernel-based SMB server functionality. The flaw disclosed […] The post Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code appeared first on Cyber Security News.

A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users.  The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized […] The post OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission appeared first on Cyber Security News.

A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems.  Tracked as CVE-2025-9844, the flaw stems from improper handling of executable file paths by the installer, allowing malicious files to be executed in place of legitimate binaries when the software is […] The post Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access appeared first on Cyber Security News.

Libraesva has issued an emergency patch for a significant command injection vulnerability in its Email Security Gateway (ESG) after confirming state-sponsored hackers exploited it. The flaw, identified as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email with a specially crafted compressed attachment. The company responded by deploying an automated fix to […] The post Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity zero-day vulnerability in Google Chrome that is being actively exploited in attacks. The vulnerability, tracked as CVE-2025-10585, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling an urgent need for users and administrators to take action. Google has […] The post CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Google has issued an urgent security update for its Chrome web browser to address three high-severity vulnerabilities that could allow attackers to access sensitive information or cause the system to crash. The company is advising users to update their browsers immediately to mitigate the potential risks associated with these flaws. The latest patch brings the […] The post Chrome High-severity Vulnerabilities Let Attackers Access Sensitive Data and Crash System appeared first on Cyber Security News.

SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and remove known rootkit malware. The advisory, SNWLID-2025-0015, published on September 22, 2025, strongly recommends that all users of SMA 210, 410, and 500v devices apply the update immediately to protect against persistent threats. This […] The post SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices appeared first on Cyber Security News.

SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE). The flaw, tracked as CVE-2025-26399, carries a critical severity rating of 9.8 out of 10, highlighting the severe risk it poses to affected systems. The vulnerability […] The post SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE appeared first on Cyber Security News.

A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments.  The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security platform and has already been exploited by what security researchers believe to be a foreign […] The post Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands appeared first on Cyber Security News.