-
CISA has added two critical vulnerabilities affecting Dassault Systèmes DELMIA Apriso to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting these security flaws in real-world attacks. The alert, issued on October 28, 2025, requires federal agencies to implement mitigations by November 18, 2025, while urging all organizations using the affected software […] The post CISA Warns of Dassault Systèmes Vulnerabilities Actively Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding two severe vulnerabilities discovered in Dassault Systèmes DELMIA Apriso, a widely used manufacturing execution system. The agency has added thes…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A vulnerability in Google Messages on Wear OS devices allows any installed app to silently send SMS, MMS, or RCS messages on behalf of the user. Dubbed CVE-2025-12080, the issue stems from improper handling of ACTION_SENDTO intents using URI schemes like sms:, smsto:, mms:, and mmsto:. This misconfiguration bypasses user confirmation and permission checks, enabling […] The post Google Wear OS Message App Vulnerability Let Any Installed App To Send SMS Behalf Of User appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Magento, the popular e-commerce platform, is now rebranded as Adobe Commerce. Dubbed SessionReaper and tracked as CVE-2025-54236, this improper input validation flaw allows attackers to hijack user sessions and, in some cases, execute malicious code remotely. The discovery highlights the ongoing risks to online retailers, with over 250 Magento stores reportedly […] The post Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Codes appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizati…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has issued a critical security update for ASP.NET Core to address CVE-2025-55315, a high-severity flaw that enables HTTP request smuggling and could allow attackers to bypass key security controls. Disclosed on October 14, 2025, this vulnerability has a CVSS v3.1 score of 9.9, making it one of the most severe issues ever reported in […] The post Microsoft Details ASP.NET Vulnerability That Enables Attackers To Smuggle HTTP Requests appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Docker Compose, a cornerstone tool for developers managing containerized application harbors a high-severity vulnerability that lets attackers overwrite files anywhere on a host system. Discovered in early October 2025 by Imperva, the issue stems from improper handling of remote artifacts in Docker’s OCI support, enabling path traversal attacks without even launching containers. Assigned CVE-2025-62725 with […] The post Docker Compose Vulnerability Allow Attacks To Overwrite Arbitrary Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has announced a significant transparency initiative for its Firefox browser ecosystem, implementing mandatory data disclosure requirements for extension developers. Starting November 3rd, 2025, all newly submitted Firefox extensions must explic…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released a critical security update addressing a severe vulnerability in ASP.NET Core that could enable attackers to execute HTTP request smuggling attacks. On October 14, 2025, the company issued patches for CVE-2025-55315, a security fe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access, credential theft, and network manipulation at an accessible price…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
