-
Ivanti has rolled out security updates for its Endpoint Manager product, addressing three high-severity vulnerabilities that could let authenticated local attackers write arbitrary files anywhere on the system disk. The flaws, if exploited, pose significant risks to enterprise environments by potentially allowing malicious code execution or data tampering. The most recent issue, tracked as CVE-2025-10918, […] The post Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files to Disk appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems. The flaw, tracked as CVE-2025-64740 and assigned bulletin ZSB-25042, has been rat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This devel…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to gain elevated privileges on affected systems. The flaw, tracked as CVE-2025-64740, has been assigned a high severity rating with a CVSS score of 7.5, according to Zoom’s security bulletin ZSB-25042. The vulnerability stems from improper verification of […] The post Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP has released a significant security update addressing 18 new vulnerabilities across its enterprise software portfolio, including several critical flaws related to code execution and data injection. This monthly security patch day features four high…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in WatchGuard Firebox firewalls could allow attackers to gain complete administrative access to the devices without any authentication. The flaw, tracked as CVE-2025-59396, stems from insecure default configurations that expose SSH access on port 4118 using hardcoded credentials. WatchGuard Firebox appliances through September 10, 2025, ship with default SSH credentials (admin:readwrite) that […] The post WatchGuard Firebox Firewall Vulnerability Let Attackers Gain Unauthorized SSH Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Devolutions Server has been found vulnerable to a critical security flaw that allows low-privileged authenticated users to impersonate other accounts by replaying pre-MFA cookies. The vulnerability, identified as CVE-2025-12485, carries a critical CVS…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in WatchGuard Firebox devices that could allow attackers to bypass authentication mechanisms and gain unauthorized SSH access to affected systems. Tracked as CVE-2025-59396, this flaw poses a significant thr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications. The disclosures, published today, highlight two high-severity issues alongside medium-rated flaws, underscoring the ongoing challenges in securing video conferencing tools used by millions in hybrid work environments. These updates come as cybersecurity experts warn of increasing exploitation attempts on collaboration […] The post Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, focusing on vulnerabilities that could enable remote code execution and various injection attacks across its product ecosystem. These patches are crucial for enterprises relying on SAP systems, as unpatched flaws could expose sensitive data and […] The post SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
