CrowdStrike has disclosed and released patches for two medium-severity vulnerabilities in its Falcon sensor for Windows that could allow an attacker to delete arbitrary files. The security vulnerabilities, designated as CVE-2025-42701 and CVE-2025-42706, require an attacker to have already gained the ability to execute code on a target system. The company has stated that there […] The post CrowdStrike Falcon Windows Sensor Vulnerability Enables Code Execution and File Deletion appeared first on Cyber Security News.

Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and fixing vulnerabilities. This initiative addresses the growing gap between the rapid, AI-assisted discovery of security flaws and the time-consuming manual effort required to patch them. Leveraging advanced AI, CodeMender not only reacts to new threats but also proactively […] The post Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code appeared first on Cyber Security News.

A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users.  The vulnerability tracked as CVE-2025-11462 allows attackers to gain root privileges by abusing the client’s log rotation mechanism. AWS Client VPN is a managed, client-based VPN service that secures access to AWS and […] The post Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915.  This vulnerability has been actively exploited in attacks and poses significant risks to organizations using the popular email and collaboration platform. Zimbra Collaboration Suite (ZCS) XSS Flaw The vulnerability exists within the Classic […] The post CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

A massive escalation in attacks targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with over 2,200 unique IP addresses conducting reconnaissance operations as of October 7, 2025.  This represents a significant surge from the initial 1,300 IPs observed just days earlier, marking the highest scanning activity recorded in the past 90 days according to GreyNoise […] The post Attacks on Palo Alto PAN-OS Global Protect Login Portals Surge from 2,200 IPs appeared first on Cyber Security News.

Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical security vulnerabilities that could allow attackers to execute arbitrary code on affected systems.  The update, announced on October 7, 2025, includes three significant security fixes that pose serious risks to users worldwide. Heap Buffer Overflow and Memory […] The post Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks appeared first on Cyber Security News.

A novel and alarming cybersecurity threat has emerged, turning an ordinary computer peripheral into a sophisticated eavesdropping device. Researchers have detailed a new technique, dubbed the “Mic-E-Mouse” attack, which allows threat actors to exfiltrate sensitive data by exploiting the high-performance optical sensors found in many modern computer mice. This method can covertly capture and reconstruct […] The post New Mic-E-Mouse Attack Let Hackers Exfiltrate Sensitive Data by Exploiting Mouse Sensors appeared first on Cyber Security News.