-
Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-77…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Securden Unified PAM is a comprehensive privileged access management platform that is used to store, manage, and monitor credentials across human, machine, and AI identities in a variety of environments. Security researchers discovered four critical vu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloud Software Group has disclosed multiple high-severity vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that can lead to remote code execution (RCE) and denial of service (DoS). Exploitation of CVE-2025-7775 has been observed in the wild against unmitigated appliances, and customers are urged to upgrade immediately. Affected versions include […] The post Citrix NetScaler ADC and Gateway 0-Day RCE Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued a high-severity warning for CVE-2025-48384, a link-following vulnerability in Git that enables arbitrary file writes via misconfigured carriage return handling in configuration files. This flaw has already seen active exploitation, underscoring the critical need for immediate mitigation. Key Takeaways1. CVE-2025-48384 lets attackers abuse CR handling in Git configs to write arbitrary files.2. […] The post CISA Warns of Git Arbitrary File Write Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WhatsApp Desktop users who have Python installed on their Windows PCs are at risk of arbitrary code execution due to a flaw in how the application handles Python archive files. A maliciously crafted .pyz file can be executed with a single click, granting attackers full control over the victim’s system. Meta has yet to classify this […] The post WhatsApp Desktop Users At Risk of Code Execution Attacks with Python on Windows PCs appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit for a high-severity Google Chrome zero-day vulnerability has been published publicly, less than three months after the flaw was first disclosed, amid reports of active in-the-wild exploitation. The vulnerability, tracked as C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability in Git (CVE-2025-48384) that enables arbitrary file writes and has already been observed in active exploitation campaigns. The fla…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents. The vulnerability, assigned C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has disclosed a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome, tracked as CVE-2025-5419. Before a patch could be rolled out to all users, proof-of-concept (PoC) exploit code had been published, and active exploitation had been observed in targeted campaigns. Key Takeaways1. CVE-2025-5419 lets attackers exploit V8 OOB read/write for remote […] The post PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
