Category: Vulnerability News

  • A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems.  The Italian CRM solution, utilized by numerous small and medium enterprises across Italy, faces significant security exposure despite attempted […] The post Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes appeared first on Cyber Security News.


  • CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting.  The vulnerability, tracked as CVE-2025-43300, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling immediate action is required from organizations and individual users to protect their systems from […] The post CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks appeared first on Cyber Security News.


  • A sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This newly discovered technique leverages malformed chunked transfer encoding extensions to bypass established security controls and inject unauthorized secondary requests into web applications. Key Takeaways: 1. Exploits malformed HTTP chunked encoding to create front-end/back-end parsing discrepancies. 2. Bypasses […] The post New HTTP Smuggling Attack Technique Let Hackers Inject Malicious Requests appeared first on Cyber Security News.


  • A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise.  CVE-2025-9074, discovered by Felix Boulet and reported on August 21, 2025, affects all Docker Desktop versions prior to 4.44.3 and demonstrates how container isolation can be completely bypassed through […] The post Windows Docker Desktop Vulnerability Leads to Full Host Compromise appeared first on Cyber Security News.


  • A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide.  The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure’s shared API Management (APIM) instance architecture to gain unauthorized access to Key Vaults, Azure SQL databases, and third-party services like […] The post Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise appeared first on Cyber Security News.


  • Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit.  This breakthrough significantly compresses the traditional “grace period” that defenders typically rely on to patch vulnerabilities before working exploits become available. The research, conducted by security experts Efi Weiss and […] The post AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes appeared first on Cyber Security News.


  • A critical vulnerability in OpenAI’s latest flagship model, ChatGPT-5, allows attackers to sidestep its advanced safety features using simple phrases. The flaw, dubbed “PROMISQROUTE” by researchers at Adversa AI, exploits the cost-saving architecture that major AI vendors use to manage the immense computational expense of their services. The vulnerability stems from an industry practice that […] The post ChatGPT-5 Downgrade Attack Let Hackers Bypass AI Security With Just a Few Words appeared first on Cyber Security News.


  • Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems.  The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution […] The post Mozilla High Severity Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.


  • A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks. The vulnerability, designated CVE-2025-54939 and dubbed “QUIC-LEAK,” affects the second most widely used QUIC implementation globally, potentially impacting over 34% of HTTP/3-enabled websites that rely on LiteSpeed technologies. Key Takeaways: 1. CVE-2025-54939 allows remote DoS via […] The post New QUIC-LEAK Vulnerability Let Attackers Exhaust Server Memory and Trigger DoS Attack appeared first on Cyber Security News.


  • A sophisticated attack chain that combines MITM6 with NTLM relay techniques to achieve full Active Directory domain compromise. The attack exploits Windows’ default IPv6 auto-configuration behavior, allowing attackers to escalate from network access to Domain Admin privileges in minutes. Key Takeaways: 1. Abuses Windows IPv6 auto-config and AD’s 10-machine account quota for domain compromise. 2. Uses mitm6 […] The post New MITM6 + NTLM Relay Attack Let Attackers Escalate Privileges and Compromise Entire Domain appeared first on Cyber Security News.
