The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS. The flaw, tracked as CVE-2025-9242, stems from an out-of-bounds write vulnerability in the IKEv2 implementation, potentially allowing remote attackers to execute arbitrary code without authentication. Disclosed earlier this year, the issue highlights the dangers of unpatched firewalls in […] The post 71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks appeared first on Cyber Security News.

A critical zero-click vulnerability in Dolby Digital Plus (DDP) audio decoding software has been disclosed, allowing attackers to execute malicious code remotely via seemingly innocuous audio messages. Google Project Zero’s Ivan Fratric and Natalie Silvanovich have identified an out-of-bounds write flaw in the DDPlus Unified Decoder, which processes evolution data in audio files. This bug […] The post Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious Audio on Android appeared first on Cyber Security News.

A proof-of-concept exploit for two critical vulnerabilities in the popular file archiver 7-Zip, potentially allowing attackers to execute arbitrary code remotely through malicious ZIP files. The flaws, tracked as CVE-2025-11001 and CVE-2025-11002, were disclosed by the Zero Day Initiative (ZDI) on October 7, 2025, and stem from improper handling of symbolic links during ZIP extraction […] The post PoC Exploit Released for 7-Zip Vulnerabilities that Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.

A newly disclosed Server-Side Request Forgery (SSRF) flaw in Zimbra Collaboration Suite has raised major security concerns, prompting administrators to patch systems immediately. The issue, identified in the chat proxy configuration component, could allow attackers to gain unauthorized access to internal resources and sensitive user data. According to Zimbra’s latest advisory, this critical SSRF vulnerability […] The post Critical Zimbra SSRF Vulnerability Let Attackers Access Sensitive Data appeared first on Cyber Security News.

ConnectWise released a critical security update for its Automate platform on October 16, 2025. The patch, version 2025.9, addresses serious flaws in agent communications that could let attackers intercept sensitive data or push malicious software updates. These vulnerabilities primarily affect on-premises installations, where misconfigurations might expose systems to network-based exploits. The issues stem from environments […] The post Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates appeared first on Cyber Security News.

Cisco has issued a security advisory warning of multiple vulnerabilities in its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models running Cisco Session Initiation Protocol (SIP) Software. Published on October 15, 2025, the advisory details risks that could enable unauthenticated remote attackers to trigger denial-of-service (DoS) conditions or […] The post Cisco Desk, IP, and Video Phone Vulnerabilities Let Remote Attackers Trigger DoS And XSS Attacks appeared first on Cyber Security News.

F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products. Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access, leading to the theft of BIG-IP source code and undisclosed […] The post F5 Released Security Updates Covering Multiple Products Following Recent Hack appeared first on Cyber Security News.