-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025. The alert highlights active exploitatio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations. Key Takeaways1. Predictable JWT […] The post 0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors, ultimately leading to remote code execution on target systems. The Italian CRM solution, utilized by numerous small and medium enterprises across Italy, faces significant security exposure despite attempted […] The post Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from we…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Mattia “0xbro” Brollo disclosed a trio of severe vulnerabilities in vtenext CRM (versions 25.02 and earlier) that enable unauthenticated attackers to completely bypass login controls and execute arbitrary code on affected installati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Arch Linux—the community-driven, lightweight distribution renowned for its rolling-release model—has confirmed that a distributed denial-of-service (DDoS) attack has been targeting its core infrastructure for over a week. Beginning on August 18, users …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has acknowledged that the August 2025 security update—KB5063878—can cause significant performance degradation on both Windows 11, version 24H2, and supported Windows 10 releases. The company’s Windows release health dashboard confirms reports…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete system compromise. The vulnerability, tracked as CVE-2025-26496 with a CVSS score of 9.6, affects multiple versions of both Tableau Server and Tableau Desktop across Windows and Linux platforms. Key Takeaways1. Tableau Server allows malicious file […] The post Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are increasingly abusing native evaluation and execution functions to conceal and execute malicious payloads within innocent-looking packages on PyPI. Security researchers warn that while static analysis libraries such as hexora can detec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Shortly after the May 2025 rollout of 107 Copilot Agents in Microsoft 365 tenants, security specialists discovered that the “Data Access” restriction meant to block agent availability is being ignored. Key Takeaways1. The “NoUsersCanAccessAgent” policy is bypassed, leaving some Copilot Agents installable.2. Manual per-agent PowerShell revocations add overhead and risk.3. Mitigate by auditing inventories, enforcing […] The post Microsoft Copilot Agent Policy Let Any Users Access AI Agents appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
