-
A significant security flaw has been discovered in pgAdmin, the widely used open-source administration and development platform for PostgreSQL databases. The vulnerability, tracked as CVE-2025-9636, affects all pgAdmin versions up to and including 9.7, potentially allowing remote attackers to gain unauthorized access to user accounts and the sensitive data they manage. The core of the […] The post PgAdmin Vulnerability Lets Attackers Gain Unauthorised Account Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability in ImageMagick 7’s MagickCore subsystem, specifically affecting the blob I/O (BlobStream) implementation. Security researchers and the ImageMagick team urge all users and organizations to update immediately to prevent exploitation. ImageMagick, a widely used image processing library, was found to contain a heap out-of-bounds write […] The post PoC Exploit Released for ImageMagick RCE Vulnerability – Update Now appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An important security vulnerability has been discovered in Apache Jackrabbit, a popular open-source content repository used in enterprise content management systems and web applications. This flaw could allow unauthenticated attackers to achieve arbitrary code execution (RCE) on servers running vulnerable versions, presenting a critical risk to system security and data confidentiality. The vulnerability, tracked as […] The post Apache Jackrabbit Exposes Systems To Arbitrary Code Execution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in Argo CD that allows API tokens with limited permissions to access sensitive repository credentials. The flaw in the project details API endpoint exposes usernames and passwords, undermining the platform’s security model by granting access to secrets without explicit permissions. The vulnerability stems from an improper authorization check in […] The post Critical Argo CD API Vulnerability Exposes Repository Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in SAP S/4HANA is being actively exploited in the wild, allowing attackers with low-level user access to gain complete control over affected systems. The vulnerability, tracked as CVE-2025-42957, carries a CVSS score of 9.9 out of 10, signaling a severe and imminent threat to organizations running all releases of S/4HANA, both on-premise […] The post Critical SAP S/4HANA Vulnerability Actively Exploited to Fully Compromise Your SAP System appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an urgent alert regarding a zero-day vulnerability in the Android operating system that is being actively exploited in real-world attacks. The vulnerability, identified as CVE-2025-48543, is a high-severity issue that could allow attackers to gain elevated control over affected devices. On Thursday, September 4, 2025, CISA added the vulnerability to its Known […] The post CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical, zero-click vulnerability that allows attackers to hijack online accounts by exploiting how web applications handle international email addresses. The flaw, rooted in a technical discrepancy known as a “canonicalization mismatch,” affects password reset and “magic link” login systems, which are foundational to modern web security. According to NullSecurityX, the attack requires no interaction […] The post Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An unprecedented surge in malicious scanning activity targeting Cisco Adaptive Security Appliances (ASAs) occurred in late August 2025, with over 25,000 unique IP addresses participating in coordinated reconnaissance efforts. GreyNoise, a threat intelligence company, observed two distinct scanning waves that represent a dramatic escalation from the typical baseline activity of fewer than 500 IPs per […] The post Hackers Scanning Cisco ASA Devices to Exploit Vulnerabilities from 25,000 IPs appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, identified as CVE-2025-57833, affects multiple versions of Django, prompting an urgent call for all users to upgrade their installations as soon as possible. […] The post Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has officially promoted Chrome 140 to the stable channel, initiating a multi-platform rollout for Windows, Mac, Linux, Android, and iOS. The update brings the usual stability and performance improvements, but the headline feature is a critical security patch addressing six vulnerabilities, including one high-severity flaw that could allow for remote code execution. Users are […] The post Chrome 140 Released With Fix For Six Vulnerabilities that Enable Remote Code Execution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
