-
Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI’s newly launched Guardrails framework, designed to enhance AI safety by detecting harmful behaviors, has been swiftly compromised by researchers using basic prompt injection methods. Released on October 6, 2025, the framework employs large language models (LLMs) to judge inputs and outputs for risks like jailbreaks and prompt injections, but experts from HiddenLayer demonstrated that […] The post Hackers Can Bypass OpenAI Guardrails Using a Simple Prompt Injection Technique appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Lenovo’s Dispatcher drivers has come under the spotlight after researchers released a proof-of-concept exploit that demonstrates privilege escalation on affected Windows systems. Identified as CVE-2025-8061, this flaw stems from insufficient access controls in the drivers, potentially allowing local attackers to execute arbitrary code with elevated privileges. Discovered by security firm Quarkslab, […] The post PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), a cornerstone of confidential computing deployed by major cloud providers like AWS, Azure, and Google Cloud. Dubbed RMPocalypse, the attack exploits a flaw in the initialization of the Reverse Map Table (RMP), which enforces memory integrity to prevent hypervisors from tampering with […] The post New RMPocalypse Attack Let Hackers Break AMD SEV-SNP To Exfiltrate Confidential Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Axis Communications, a leading provider of network video and surveillance solutions, has confirmed a critical vulnerability in its Autodesk® Revit® plugin that exposed Azure Storage Account credentials within signed DLLs. Discovered in July 2024 by Tre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recent analysis from researcher Itamar Hällström has revealed the technical workings and forensic trail of “EDR-Freeze,” a proof-of-concept technique that temporarily disables security software. By abusing legitimate Windows components, this method can place Endpoint Detection and Response (EDR) and antivirus (AV) processes into a temporary, reversible coma, allowing attackers to operate undetected. How EDR-Freeze […] The post EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant security flaw has been discovered in Happy DOM, a popular JavaScript DOM implementation, affecting versions up to v19. This vulnerability places systems at risk of Remote Code Execution (RCE) attacks, potentially impacting the package’s 2.7 million weekly users. The flaw arises because the Node.js VM Context used by Happy DOM is not a […] The post Happy DOM Vulnerability Exposes 2.7 Million Users To Remote Code Execution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Happy DOM, a popular JavaScript library used for server-side rendering and testing frameworks. The flaw, tracked as CVE-2025-61927, enables attackers to escape the virtual machine context and exe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. The flaw, identified as CVE-2025-6…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
