The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, identified as CVE-2025-57833, affects multiple versions of Django, prompting an urgent call for all users to upgrade their installations as soon as possible. […] The post Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers appeared first on Cyber Security News.

Google has officially promoted Chrome 140 to the stable channel, initiating a multi-platform rollout for Windows, Mac, Linux, Android, and iOS. The update brings the usual stability and performance improvements, but the headline feature is a critical security patch addressing six vulnerabilities, including one high-severity flaw that could allow for remote code execution. Users are […] The post Chrome 140 Released With Fix For Six Vulnerabilities that Enable Remote Code Execution Attacks appeared first on Cyber Security News.

In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulletin details critical issues in both System and Kernel components, and emphasizes the importance of immediate updates to mitigate remote code execution risks. Key Takeaways1. […] The post Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attack appeared first on Cyber Security News.

CISA has issued an urgent advisory concerning a newly disclosed zero-day vulnerability in Meta Platforms’ WhatsApp messaging service (CVE-2025-55177).  This flaw, categorized under CWE-863: Incorrect Authorization, allows an unauthorized actor to manipulate linked device synchronization messages and force a target device to fetch and process content from an attacker-controlled URL.  Key Takeaways1. CVE-2025-55177 exploits a […] The post CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps communities.  The flaw resides in the unsafe deserialization of HTTP header contents in both the msdeployagentservice and msdeploy.axd endpoints, enabling authenticated attackers to execute arbitrary code on target […] The post PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability appeared first on Cyber Security News.

A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive.  Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to several patched releases.  […] The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.

A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation.  The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of rigorous sanitization when handling user‐supplied file paths and archives. Key Takeaways1. MobSF v4.4.0 allowed attackers […] The post MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.