-
A dangerous vulnerability in ServiceNow’s Now Assist AI platform allows attackers to execute second-order prompt injection attacks via default agent configuration settings. The flaw enables unauthorized actions, including data theft, privilege escalation, and exfiltration of external email, even with ServiceNow’s built-in prompt injection protection enabled. The vulnerability stems from three default configurations that, when combined, […] The post Hackers Can Exploit Default ServiceNow AI Assistants Configurations to Launch Prompt Injection Attacks appeared first on Cyber Security News.
-
Cline is an open-source AI coding agent with 3.8 million installs and over 52,000 GitHub stars. It contains four critical security vulnerabilities that enable attackers to execute arbitrary code and exfiltrate sensitive data through malicious source code repositories. Mindgard researchers discovered the flaws during an audit of the popular VSCode extension, which supports Claude Sonnet and […] The post Cline AI Coding Agent Vulnerabilities Enables Prompt Injection, Code Execution, and Data Leakage appeared first on Cyber Security News.
-
Hackers have begun actively exploiting a critical remote code execution (RCE) vulnerability in the popular file archiver 7-Zip, putting millions of users at risk of malware infection and system compromise. The flaw, tracked as CVE-2025-11001, stems from improper handling of symbolic links in ZIP archives, allowing attackers to traverse directories and execute arbitrary code on […] The post Hackers Actively Exploiting 7-Zip RCE Vulnerability in the Wild appeared first on Cyber Security News.
-
A sophisticated cyber campaign known as Operation WrtHug has hijacked tens of thousands of ASUS WRT routers globally, turning them into potential espionage tools for suspected China-linked hackers. SecurityScorecard’s STRIKE team, in collaboration with ASUS, revealed the operation on November 18, 2025, highlighting how attackers exploited outdated firmware to build a stealthy network infrastructure. This […] The post Massive Hacking Operation WrtHug Compromises Thousands of ASUS Routers Worldwide appeared first on Cyber Security News.
-
Multiple critical vulnerabilities affect D-Link DIR-878 routers across all models and firmware revisions. These devices reached the end of life on January 31, 2021. They will no longer receive security updates or technical support from D-Link Corporation. The vulnerabilities allow remote attackers to gain complete control of affected routers without requiring authentication. Two of the […] The post Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code Execution Attacks appeared first on Cyber Security News.
-
Fortinet has released an urgent security advisory addressing a newly discovered zero-day vulnerability, CVE-2025-58034, in its FortiWeb web application firewall platform, after evidence emerged of active exploitation in the wild. The flaw, characterized as improper neutralization of special elements used in OS commands (CWE-78), enables authenticated attackers to execute unauthorized code or commands on targeted […] The post New FortiWeb 0-Day Command Injection Vulnerability Exploited in the Wild appeared first on Cyber Security News.
-
A critical command injection vulnerability has been discovered in the W3 Total Cache plugin, one of WordPress’s most popular caching solutions used by approximately 1 million websites. The vulnerability, tracked as CVE-2025-9501 with a CVSS severity score of 9.0 (Critical), allows unauthenticated attackers to execute arbitrary PHP commands directly on vulnerable servers. W3 Total Cache Vulnerability The flaw exists in […] The post W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks appeared first on Cyber Security News.
-
A serious security flaw was discovered in the AI-Bolit component of Imunify products. This vulnerability allows attackers to run arbitrary code and even become root on a server. Imunify released a fix on October 23, 2025, and most servers have already received the automatic update. Currently, there are no reports of hackers exploiting this security […] The post Imunify AI-Bolit Vulnerability Let Execute Arbitrary Code and Escalate Privileges to Root appeared first on Cyber Security News.
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission. The flaw allows attackers to intercept network traffic and obtain plaintext credentials and other confidential data. The vulnerability, tracked as CVE-2025-62765, stems from the product’s […] The post CISA Warns of Critical Lynx+ Gateway Vulnerability Exposes Data in Cleartext appeared first on Cyber Security News.
-
IBM has released critical security updates addressing two severe vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands on affected systems. Both vulnerabilities stem from improper process controls in essential IBM AIX services. Critical Flaws in IBM AIX Services The first vulnerability, CVE-2025-36251, affects the Nimsh service and its […] The post IBM AIX Vulnerabilities Let Remote Attacker Execute Arbitrary Commands appeared first on Cyber Security News.


