-
A significant vulnerability has been discovered in Angular’s server-side rendering (SSR) implementation that could allow attackers to access sensitive user data. The flaw, rooted in how Angular handles concurrent requests, could lead to data from one user’s session being leaked to another. The Angular team has released patches for all actively supported versions of the […] The post Angular SSR Vulnerability Lets Attackers Access Sensitive Data appeared first on Cyber Security News.
-
A newly disclosed attack technique enables authenticated users within the popular GitOps tool ArgoCD to exfiltrate powerful Git credentials. The method, discovered by the cybersecurity research group Future Sight, exploits Kubernetes’ internal DNS resolution to intercept credentials in transit, posing a significant risk to organizations relying on the continuous delivery tool. ArgoCD, a leading project […] The post New Attack Technique That Enables Attackers To Exfiltrate Git Credentials In Argocd appeared first on Cyber Security News.
-
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an attacker to escalate privileges, execute code, and tamper with data. The company is urging users to immediately install the latest version of the tool to protect their systems from potential exploitation. The security advisory details three […] The post NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
-
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft for what he terms “gross cybersecurity negligence,” accusing the tech giant of knowingly shipping its Windows operating system with a dangerously outdated form of encryption that has enabled devastating ransomware attacks on U.S. critical infrastructure, including major healthcare systems. In […] The post Senator Calls for FTC Investigation into Microsoft’s Use of Outdated RC4 Encryption and Kerberoasting Vulnerabilities appeared first on Cyber Security News.
-
The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited in attacks. The flaw, tracked as CVE-2024-40766, affects multiple generations of SonicWall firewalls and carries a critical CVSS score of 9.3, highlighting the significant risk it poses to organizations. The […] The post ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.
-
A remote code execution vulnerability has been discovered in the Cursor AI Code Editor, enabling a malicious code repository to automatically run code on a user’s machine when it is opened. The research team at Oasis Security uncovered the flaw, which bypasses typical user consent prompts by exploiting a default configuration setting in the popular editor. According […] The post Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine appeared first on Cyber Security News.
-
GitLab has released urgent security patches for its Community (CE) and Enterprise (EE) editions, addressing multiple vulnerabilities, including two high-severity flaws that could lead to Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks. The company is strongly advising all administrators of self-managed GitLab installations to upgrade immediately to the newly released versions: 18.3.2, […] The post GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks appeared first on Cyber Security News.
-
A security vulnerability has been found in the Google Drive Desktop application for Windows. It allows a logged-in user on a shared machine to access another user’s Drive files completely without needing their credentials. This vulnerability stems from a broken access control mechanism in how the application handles cached data. While Google Drive is widely […] The post Google Drive Desktop for Windows Vulnerability Grants Full Access to Another User’s Drive appeared first on Cyber Security News.
-
Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on affected systems. The flaws, tracked as CVE-2025-54910 and CVE-2025-54906, were disclosed on September 9, 2025, and affect various versions of the popular productivity suite. While Microsoft has assessed exploitation as “less likely” for both vulnerabilities […] The post Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code appeared first on Cyber Security News.
-
Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature. The flaws, tracked as CVE-2025-54911 and CVE-2025-54912, were disclosed on September 9, 2025, and carry an “Important” severity rating. Both vulnerabilities could allow an authorized attacker to gain full SYSTEM privileges on a compromised machine, bypassing the security layers that […] The post Windows BitLocker Vulnerability Let Attackers Elevate Privileges appeared first on Cyber Security News.


