-
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform. The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […] The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
-
A critical vulnerability affecting DrayOS routers could let unauthenticated attackers execute code remotely. Discovered on July 22 by Pierre-Yves Maes of ChapsVision, the flaw stems from the use of an uninitialized variable in the Web User Interface (W…
-
Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated exploitation effort. On 28 September, security researchers at GreyNoise detected a sudden spike in attempts to exploit CVE-2021-43798, a path traversal flaw that permits arbitrary file reads on unpatched instances. Over the course of a single day, […] The post Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads appeared first on Cyber Security News.
-
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently. The vulnerability, detailed in security advisory DSA-2025-005 released on October 2, 2025, is classified as […] The post DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.
-
Researchers at GreyNoise observed a sudden spike in attempts to exploit a well-known Grafana flaw. This vulnerability, tracked as CVE-2021-43798, allows attackers to traverse paths on a server and read any file they choose. Over the course of a single …
-
Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns. The company’s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in Oracle’s July 2025 Critical Patch Update (CPU). This latest security incident underscores the persistent threat […] The post Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails appeared first on Cyber Security News.
-
Microsoft Defender for Endpoint users, particularly those with Dell devices, are experiencing a widespread issue with false Basic Input/Output System (BIOS) security alerts due to a critical software bug. The problem, which surfaced on October 2, 2025,…
-
NCC Group detailed a VMware Workstation guest-to-host escape achievable from a compromised VM via a logic flaw in virtual device handling that permits memory corruption and controlled code execution on the host process. The write-up shows a practical e…
-
Obex, a newly released proof-of-concept utility by security researcher dis0rder0x00, demonstrates a simple but effective user-mode method to stop unwanted security and monitoring modules from loading into Windows processes. The tool launches a target p…
-
Three critical security flaws were discovered in firmware version V9.4.0cu.1360_B20241207 of the TOTOLINK X6000R router released on March 28, 2025. These vulnerabilities range from argument injection and command injection to a security bypass that can …


