Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated CVE-2025-10585, marking the sixth actively exploited Chrome zero-day discovered in 2025.  This high-severity flaw, with an estimated CVSS 3.1 score of 8.8, enables remote code execution through sophisticated memory corruption techniques that bypass Chrome’s sandbox protections. The vulnerability exploits […] The post Chrome Type Confusion 0-Day Vulnerability Code Analysis Released appeared first on Cyber Security News.

CISA issued a warning of two critical path traversal flaws in Delta Electronics’ DIALink industrial control system software.  With a maximum CVSS v4 base score of 10.0, these vulnerabilities could be exploited remotely with low attack complexity to bypass authentication and gain unauthorized access to critical manufacturing environments. Delta Electronics Path Traversal Flaws Delta Electronics […] The post CISA Warns of Delta Electronics Vulnerabilities Let Attackers Bypass Authentication appeared first on Cyber Security News.

A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as CVE-2025-10035, this vulnerability permits an unauthenticated attacker who can deliver a forged license response signature to trigger Java deserialization of attacker-supplied objects, potentially resulting in arbitrary command execution and full system compromise. Deserialization Flaw (CVE-2025-10035) GoAnywhere MFT’s […] The post Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation appeared first on Cyber Security News.

A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1.  Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […] The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.

A zero-click vulnerability discovered in ChatGPT’s Deep Research agent allowed attackers to exfiltrate sensitive data from a user’s Gmail account without any user interaction. The flaw, which OpenAI has since patched, leveraged a sophisticated form of indirect prompt injection hidden within an email, tricking the agent into leaking personal information directly from OpenAI’s cloud infrastructure. […] The post 0-Click ChatGPT Agent Vulnerability Allows Sensitive Data Exfiltration from Gmail appeared first on Cyber Security News.

A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft’s global cloud infrastructure. The flaw, now patched, was discovered in July 2025 and has been assigned CVE-2025-55241. The vulnerability, described by the researcher as the most impactful he will probably ever find, resided […] The post Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control appeared first on Cyber Security News.

PureVPN’s Linux clients leak users’ IPv6 addresses when Wi-Fi reconnections or system resumes occur, and also obliterate host firewall rules without restoring them upon disconnect.  This undermines privacy guarantees and leaves systems more exposed than before VPN use, with critical failures in the kill-switch and firewall handling modules. PureVPN Linux Client Flaws Anagogistis stated that […] The post PureVPN Vulnerability Exposes Users IPv6 Address While Toggling Wi-Fi appeared first on Cyber Security News.

Jenkins has released critical updates addressing four security flaws that unauthenticated and low-privileged attackers could exploit to disrupt service or glean sensitive configuration details.  Administrators running Jenkins weekly releases up to 2.527 or the Long-Term Support (LTS) stream up to 2.516.2 must upgrade to mitigate these risks. HTTP/2 Denial of Service (CVE-2025-5115) A high-severity issue […] The post Jenkins Patches Multiple Vulnerabilities that Allow Attackers to Cause a Denial of Service appeared first on Cyber Security News.

The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract the router’s WPS PIN offline and seamlessly join the wireless network.  By targeting weak randomization in the registrar’s nonces, this exploit subverts the intended security of WPS without requiring proximity […] The post Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network appeared first on Cyber Security News.