-
In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulletin details critical issues in both System and Kernel components, and emphasizes the importance of immediate updates to mitigate remote code execution risks. Key Takeaways1. […] The post Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an urgent advisory concerning a newly disclosed zero-day vulnerability in Meta Platforms’ WhatsApp messaging service (CVE-2025-55177). This flaw, categorized under CWE-863: Incorrect Authorization, allows an unauthorized actor to manipulate linked device synchronization messages and force a target device to fetch and process content from an attacker-controlled URL. Key Takeaways1. CVE-2025-55177 exploits a […] The post CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps communities. The flaw resides in the unsafe deserialization of HTTP header contents in both the msdeployagentservice and msdeploy.axd endpoints, enabling authenticated attackers to execute arbitrary code on target […] The post PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are rapidly weaponizing Hexstrike-AI, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes. Originally marketed as an offensive security framework for red teams, Hexstrike-AI’s architecture has already been repurposed by malicious operators within hours of its public release. Key Takeaways1. Hexstrike-AI automates zero-day exploits […] The post Hackers Leverage Hexstrike-AI Tool to Exploit Zero Day Vulnerabilities Within 10 Minutes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive. Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to several patched releases. […] The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation. The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of rigorous sanitization when handling user‐supplied file paths and archives. Key Takeaways1. MobSF v4.4.0 allowed attackers […] The post MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code. These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security. Key Takeaways1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE.2. Affects Snapdragon 8 […] The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments. This vulnerability centers around the exposure of appsettings.json files containing ClientId and ClientSecret credentials, effectively handing adversaries the keys to entire Microsoft 365 tenants. The vulnerability was identified during […] The post Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely bypass authorization mechanisms. This vulnerability arises from improper handling of the x-middleware-subrequest header within Next.js middleware execution, potentially exposing sensitive administrative areas and protected resources to unauthorized access. The vulnerability […] The post Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
MediaTek today published a critical security bulletin addressing several vulnerabilities across its latest modem chipsets, urging device OEMs to deploy updates immediately. The bulletin, issued two months after confidential OEM notification, confirms that no known in-the-wild exploits have been detected to date. Key Takeaways1. MediaTek patched high- and medium-severity modem and firmware bugs across 60+ […] The post MediaTek Security Update – Patch for Multiple Vulnerabilities Across Chipsets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
