A vulnerability has been discovered in Lite XL, a lightweight text editor, that could allow attackers to execute arbitrary code on affected systems. Carnegie Mellon University experts identified CVE-2025-12120, which affects Lite XL versions 2.1.8 and earlier. The flaw exists in how Lite XL handles project configuration files. How the Vulnerability Works When users open […] The post Lite XL Text editor Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway products. Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or unauthorized actions. The vulnerability carries a moderate CVSSv4 score of 5.9, highlighting its […] The post Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks appeared first on Cyber Security News.

Apache OpenOffice has released version 4.1.16, addressing seven critical security vulnerabilities that enable unauthorized remote document loading and memory corruption attacks. These flaws represent a significant security risk to users of the popular open-source office suite. The most severe vulnerabilities involve unauthorized remote content loading without user prompts or warnings. Attackers can exploit these weaknesses to load […] The post Multiple Apache OpenOffice Vulnerabilities Leads to Memory Corruption and Unauthorized Content Loading appeared first on Cyber Security News.

An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks, spotted in real-world operations, allow hackers to deploy custom webshells and gain deep access to corporate networks. The findings highlight how attackers are targeting key systems that manage user logins and network controls, putting businesses […] The post Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell appeared first on Cyber Security News.

A Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT. The flaw, lurking in the Custom GPT “Actions” feature, allowed attackers to trick the system into accessing internal cloud metadata, potentially exposing sensitive Azure credentials. The bug, discovered by Open Security during casual experimentation, highlights the risks of user-controlled URL handling in AI tools. SSRF vulnerabilities […] The post ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets appeared first on Cyber Security News.