-
Microsoft has assigned CVE-2025-62215 to a new Windows Kernel elevation of privilege flaw that is being actively exploited in the wild. Published on November 11, 2025, the vulnerability is rated Important and tracked as an elevation of privilege issue in the kernel. Microsoft’s exploitability index lists “Exploitation Detected,” indicating real-world use despite the absence of […] The post Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft rolled out its November 2025 Patch Tuesday security updates today, addressing 63 vulnerabilities across its product and service ecosystem. Among these, one zero-day flaw has already been exploited in the wild, underscoring the urgency for organizations and users to apply patches promptly to mitigate potential threats. The updates cover Windows, Office, Azure, Visual Studio, […] The post Microsoft November 2025 Patch Tuesday – 63 Vulnerabilities, Including 1 Zero-Day Fixed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has rolled out Firefox 145, addressing a series of high-severity vulnerabilities that could allow attackers to execute arbitrary code on users’ systems. Announced on November 11, 2025, the release patches flaws primarily in the browser’s graphics, JavaScript, and DOM components, urging immediate upgrades to mitigate risks from potential exploits. The update tackles 15 CVEs, […] The post Firefox Releases Security Update to Fix Multiple Vulnerabilities Allowing Arbitrary Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has rolled out security updates for its Endpoint Manager product, addressing three high-severity vulnerabilities that could let authenticated local attackers write arbitrary files anywhere on the system disk. The flaws, if exploited, pose significant risks to enterprise environments by potentially allowing malicious code execution or data tampering. The most recent issue, tracked as CVE-2025-10918, […] The post Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files to Disk appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Synology has released an urgent security update addressing a critical remote code execution vulnerability in BeeStation OS that allows unauthenticated attackers to execute arbitrary code on affected devices. The vulnerability, tracked as CVE-2025-12686 and identified by ZDI-CAN-28275, carries a critical CVSS3 base score of 9.8, reflecting its severe impact and exploitability. The flaw stems from […] The post Synology BeeStation 0-Day Vulnerability Let Remote Attackers Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Devolutions Server could allow attackers with low-level access to impersonate other user accounts by exploiting how the application handles authentication cookies before multi-factor authentication is completed. The security flaw, tracked as CVE-2025-12485, stems from improper privilege management during pre-MFA cookie handling. When users log in to Devolutions Server, the application generates temporary […] The post Devolutions Server Vulnerability Let Attackers Impersonate Users Using Pre-MFA Cookie appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in WatchGuard Firebox firewalls could allow attackers to gain complete administrative access to the devices without any authentication. The flaw, tracked as CVE-2025-59396, stems from insecure default configurations that expose SSH access on port 4118 using hardcoded credentials. WatchGuard Firebox appliances through September 10, 2025, ship with default SSH credentials (admin:readwrite) that […] The post WatchGuard Firebox Firewall Vulnerability Let Attackers Gain Unauthorized SSH Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications. The disclosures, published today, highlight two high-severity issues alongside medium-rated flaws, underscoring the ongoing challenges in securing video conferencing tools used by millions in hybrid work environments. These updates come as cybersecurity experts warn of increasing exploitation attempts on collaboration […] The post Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, focusing on vulnerabilities that could enable remote code execution and various injection attacks across its product ecosystem. These patches are crucial for enterprises relying on SAP systems, as unpatched flaws could expose sensitive data and […] The post SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Mandiant has disclosed active exploitation of CVE-2025-12480, a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The threat cluster tracked as UNC6485 has been weaponizing this flaw since August 2025 to gain unauthorized administrative access and establish persistent remote control over compromised systems. The vulnerability stems from improper access control validation in Triofox versions 16.4.10317.56372 and […] The post Hackers Exploiting Triofox 0-Day Vulnerability to Execute Malicious Payload Abusing Anti-Virus Feature appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
