- Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges (Cyber Security News)
  A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an authentication bypass vulnerability, poses an immediate risk to organizations that rely on Azure Bastion for secure administrative access to their cloud infrastructure. Attackers Can Escalate Privileges Without User Interaction: The […]
- Metasploit Adds Exploit Module for Recently Disclosed FortiWeb 0-Day Vulnerabilities (Cyber Security News)
  The Metasploit Framework has introduced a new exploit module targeting critical vulnerabilities in Fortinet's FortiWeb Web Application Firewall (WAF). This module chains two recently disclosed flaws, CVE-2025-64446 and CVE-2025-58034, to achieve unauthenticated Remote Code Execution (RCE) with root privileges. The release follows reports of active exploitation in the wild, including "silent patches" and subsequent bypasses that have left many […]
- Critical Grafana Vulnerability Let Attackers Escalate Privilege (Cyber Security News)
  Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times. The vulnerability exists in Grafana's SCIM (System for Cross-domain Identity […]
- Critical ASUSTOR Vulnerability Let Attackers Execute Malicious Code with Elevated Privileges (Cyber Security News)
  A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers to execute malicious code with elevated system privileges. The flaw, tracked as CVE-2025-13051, affects two widely used ASUSTOR applications and poses a significant risk to users running outdated versions. The DLL Hijacking Vulnerability: The vulnerability stems from a DLL hijacking […]
- SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely (Cyber Security News)
  SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service that allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerability was internally discovered and reported by SonicWall's security team. The flaw, tracked as CVE-2025-40601, carries a CVSS score of 7.5 and affects multiple generations of SonicWall firewall products. Field […]
- Threat Actors Allegedly Selling Microsoft Office 0-Day RCE Vulnerability on Hacking Forums (Cyber Security News)
  A threat actor known as Zeroplayer has reportedly listed a zero-day remote code execution (RCE) vulnerability, combined with a sandbox escape, targeting Microsoft Office and Windows systems for sale on underground hacking forums. Priced at $30,000, the exploit purportedly works on most Office file formats, including the latest versions, and affects fully patched Windows installations. […]
- Critical N-able N-central Vulnerabilities Allow attacker to interact with legacy APIs and read sensitive files (Cyber Security News)
  N-able's N-central remote management and monitoring (RMM) platform faces critical security risks following the discovery of multiple vulnerabilities. According to Horizon3.ai, the vulnerabilities allow unauthenticated attackers to bypass authentication, access legacy APIs, and exfiltrate sensitive files, including credentials and database backups. The Vulnerability Chain: Earlier this year, N-able N-central was added to the CISA Known Exploited […]
- Critical Twonky Server Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News)
  Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to gain full administrative access to the media server software. Rapid7 discovered that the vulnerabilities can be chained together to compromise administrator accounts without any user interaction or valid credentials. The vulnerabilities affect Twonky Server installations on both Linux and Windows […]
- Ollama Vulnerabilities Let Attackers Execute Arbitrary Code by Parsing of Malicious Model Files (Cyber Security News)
  A severe vulnerability has been found in Ollama, one of GitHub's most popular open-source projects with over 155,000 stars. The flaw enables attackers to execute arbitrary code on systems running vulnerable versions of the platform by exploiting weaknesses in the software's parsing of model files. Ollama is a widely used tool that allows developers and AI specialists to […]
- CISA Warns of Google Chrome 0-Day Vulnerability Exploited in Attacks (Cyber Security News)
  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a zero-day vulnerability in Google Chrome, actively exploited by threat actors. CVE-2025-13223 is a flaw in the Chromium V8 JavaScript engine that poses significant risks to users worldwide, potentially enabling remote code execution and data breaches. The vulnerability stems from a […]