-
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in the model checkpoint loader. The discovery underscores the persistent security risks inherent in ML/AI frameworks’ reliance on Python’s pickle serialization. Trend Micro’s Zero Day Initiative (ZDI) stated […] The post NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges appeared first on Cyber Security News.
-
A critical vulnerability in Hikvision security cameras, first disclosed in 2017, is being actively exploited by hackers to gain unauthorized access to sensitive information. SANS researchers observed a recent surge in malicious activity targeting a specific flaw, identified as CVE-2017-7921, which carries a critical severity score of 10.0 on the CVSS scale. The exploit attempts […] The post Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information appeared first on Cyber Security News.
-
A severe vulnerability in the Linux kernel’s ksmbd SMB server implementation has been disclosed, potentially allowing authenticated remote attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-38561 and assigned a CVSS score of 8.5, represents a significant security risk for Linux systems utilizing the kernel-based SMB server functionality. The flaw disclosed […] The post Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code appeared first on Cyber Security News.
-
A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users. The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized […] The post OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission appeared first on Cyber Security News.
-
A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems. Tracked as CVE-2025-9844, the flaw stems from improper handling of executable file paths by the installer, allowing malicious files to be executed in place of legitimate binaries when the software is […] The post Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access appeared first on Cyber Security News.
-
Libraesva has issued an emergency patch for a significant command injection vulnerability in its Email Security Gateway (ESG) after confirming state-sponsored hackers exploited it. The flaw, identified as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email with a specially crafted compressed attachment. The company responded by deploying an automated fix to […] The post Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands appeared first on Cyber Security News.
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity zero-day vulnerability in Google Chrome that is being actively exploited in attacks. The vulnerability, tracked as CVE-2025-10585, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling an urgent need for users and administrators to take action. Google has […] The post CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.
-
Google has issued an urgent security update for its Chrome web browser to address three high-severity vulnerabilities that could allow attackers to access sensitive information or cause the system to crash. The company is advising users to update their browsers immediately to mitigate the potential risks associated with these flaws. The latest patch brings the […] The post Chrome High-severity Vulnerabilities Let Attackers Access Sensitive Data and Crash System appeared first on Cyber Security News.
-
SonicWall has issued an urgent firmware update, version 10.2.2.2-92sv, for its Secure Mobile Access (SMA) 100 series appliances to detect and remove known rootkit malware. The advisory, SNWLID-2025-0015, published on September 22, 2025, strongly recommends that all users of SMA 210, 410, and 500v devices apply the update immediately to protect against persistent threats. This […] The post SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices appeared first on Cyber Security News.
-
SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE). The flaw, tracked as CVE-2025-26399, carries a critical severity rating of 9.8 out of 10, highlighting the severe risk it poses to affected systems. The vulnerability […] The post SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE appeared first on Cyber Security News.


