-
A critical vulnerability affecting FlowiseAI’s Flowise platform has been disclosed, revealing a severe authentication bypass flaw that allows attackers to perform complete account takeovers with minimal effort. The vulnerability tracked as CVE-2025-58434 impacts both cloud deployments at cloud.flowiseai.com and self-hosted installations, making it a widespread security concern for organizations using this AI agent-building platform. Key […] The post FlowiseAI Password Reset Token Vulnerability Allows Account Takeover appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A massive data breach has exposed the inner workings of China’s internet censorship system, with over 500GB of sensitive documents from the Great Firewall of China (GFW) leaked online on September 11, 2025. This represents the largest leak of int…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote denial-of-service attacks and authentication bypass exploits. The vulnerabilities, tracked as CVE-2025-58364 and CVE-2025-58060, affect the core printing infrastructure used across virtually all Linux distributions and pose significant risks to network security. Key Takeaways1. Two Critical […] The post Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in FlowiseAI has been discovered that allows attackers to take over user accounts with minimal effort. The flaw, tracked as CVE-2025-58434, affects both cloud-hosted and self-hosted FlowiseAI deployments, posing signi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two critical security vulnerabilities have been discovered in the Common Unix Printing System (CUPS), a widely used printing subsystem for Unix-like operating systems. The flaws, designated as CVE-2025-58364 and CVE-2025-58060, expose Linux systems to …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept (PoC) tool named BitlockMove demonstrates a novel lateral movement technique that leverages BitLocker’s Distributed Component Object Model (DCOM) interfaces and COM hijacking. Released by security researcher Fabian Mosch of r-tec Cyber Security, the tool enables attackers to execute code on remote systems within the session of an already logged-on user, bypassing the […] The post BitlockMove Tool Enables Lateral Movement via Bitlocker DCOM & COM Hijacking appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity serves as a critical reminder of the pervasive risks within the digital supply chain, as several industry-leading companies disclosed significant data breaches. The incidents, affecting vulnerability management giants Tenable and Qualys, as well as enterprise software provider Workday, all stemmed from a security flaw in a common third-party service. This chain […] The post Weekly Cybersecurity News Recap : Tenable, Qualys, Workday Data Breaches and Security Updates appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly introduced feature in ChatGPT that allows it to connect with personal data applications can be exploited by attackers to exfiltrate private information from a user’s email account. The attack requires only the victim’s email address and leverages a malicious calendar invitation to hijack the AI agent. On Wednesday, OpenAI announced that ChatGPT would […] The post ChatGPT’s New Support for MCP Tools Let Attackers Exfiltrate All Private Details From Email appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the wild. The patch resolves a total of 25 Samsung Vulnerabilities and Exposures (SVEs), alongside fixes from Google and Samsung Semiconductor, to safeguard Galaxy devices against a range of security threats. Users are strongly urged to […] The post Samsung Patches Actively Exploited Zero-Day Vulnerability Enabling Remote Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
ESET Research has uncovered a sophisticated new ransomware variant called HybridPetya, discovered on the VirusTotal sample sharing platform. This malware represents a dangerous evolution of the infamous Petya/NotPetya ransomware family, incorporating a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
