-
A severe remote code execution (RCE) vulnerability has been discovered in Imunify360 AV, a widely used malware scanner protecting approximately 56 million websites. The security flaw, recently patched by CloudLinux, allows attackers to execute arbitrary commands and potentially take complete control of hosting servers. Patchstack researchers discovered a flaw in Imunify360 AV’s deobfuscation logic used […] The post Critical Imunify360 AV Vulnerability Exposes 56 Million+ Linux-hosted Websites to RCE Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Fortinet’s FortiWeb Web Application Firewall (WAF) is being actively exploited by threat actors, potentially as a zero-day attack vector. The flaw, which enables unauthenticated attackers to gain administrator-level access to the FortiWeb Manager panel and WebSocket command-line interface, was first highlighted through a proof-of-concept (PoC) exploit shared by cyber deception firm […] The post Critical Fortinet FortiWeb Vulnerability Exploited in the Wild to Create Admin Accounts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are actively exploiting a critical authentication bypass vulnerability in Fortinet’s FortiWeb web application firewall (WAF) worldwide, prompting defenders to heighten vigilance. Researchers at watchTowr Labs have responded by releasing a Detection Artefact Generator script, designed to help organizations scan their environments for vulnerable FortiWeb appliances and mitigate risks swiftly. The vulnerability, tracked as […] The post FortiWeb Authentication Bypass Vulnerability Exploited – Script to Detect Vulnerable Appliances appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition. The company released versions 18.5.2, 18.4.4, and 18.3.6 to fix critical security issues that could allow attackers to compromise sensitive information and bypass access controls. The most concerning vulnerability involves prompt injection attacks in GitLab Duo’s review feature. Attackers […] The post Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic Security has disclosed critical vulnerabilities affecting Kibana that could enable attackers to execute Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks against vulnerable deployments. The vulnerabilities stem from inadequate origin validation in the Observability AI Assistant component. The primary vulnerability, tracked as CVE-2025-37734 under Elastic Security Advisory ESA-2025-24, involves an origin validation error in Kibana. […] The post Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Palo Alto Networks has disclosed a critical denial-of-service vulnerability in its PAN-OS firewall software that allows unauthenticated attackers to remotely reboot firewalls by sending specially crafted packets. Tracked as CVE-2025-4619, the vulnerability poses significant risks to organizations relying on Palo Alto firewalls for network security. The flaw, identified as CWE-754 (Improper Check for Unusual or […] The post Palo Alto PAN-OS Firewall Vulnerability Let Attackers Reboot Firewall by Sending Malicious Packet appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category. The security flaw stems from an improper […] The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances. This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems. The security issue involves an out-of-bounds write in the device’s operating system, specifically the OS iked process. This means a […] The post CISA Warns WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A vulnerability in OpenAI’s advanced video generation model, Sora 2, that enables the extraction of its hidden system prompt through audio transcripts, raising concerns about the security of multimodal AI systems. This vulnerability, detailed in a blog post by AI security firm Mindgard, demonstrates how creative prompting across text, images, video, and audio can bypass […] The post OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies. Failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities. Under Emergency Directive 25-03, CISA has identified two severe CVEs posing unacceptable risks to federal information systems: CVE-2025-20333, which enables remote […] The post CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
