-
A critical remote code execution (RCE) flaw in XWiki, a popular open-source wiki platform, was exploited in the wild to deploy cryptocurrency mining malware on compromised servers. The vulnerability, tracked as CVE-2025-24893, allows unauthenticated attackers to inject malicious templates and execute arbitrary code, bypassing authentication entirely. This discovery highlights the growing threat to web applications, […] The post XWiki RCE Vulnerability Actively Exploted In Wild To Deliver Coinminer appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Ubuntu’s Linux kernel has been exposed, allowing local attackers to escalate privileges and potentially gain root access on affected systems. Disclosed at TyphoonPWN 2025, the flaw stems from a reference count imbalance in the af_unix subsystem, leading to a use-after-free (UAF) condition that researchers demonstrated with a full proof-of-concept exploit. This […] The post Ubuntu’s Kernel Vulnerability Let Attackers Escalate Privileges and Gain Root Access appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
IPFire 2.29 Core Update 198 marks a significant advancement for users of this open-source firewall, introducing enhanced Intrusion Prevention System (IPS) capabilities powered by Suricata 8.0.1. This release emphasizes improved network monitoring through innovative reporting tools, alongside toolchain rebasing and extensive package updates to bolster security and performance. Designed for both small offices and large […] The post Open-Source Firewall IPFire 2.29 With New Reporting For Intrusion Prevention System appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has unveiled a critical vulnerability in ASP.NET Core that could enable attackers to sidestep essential security measures. Disclosed on October 24, 2025, under CVE-2025-55315, this flaw stems from HTTP Request Smuggling (CWE-444) and poses risks to systems relying on outdated .NET components. QNAP, a leading provider of network-attached storage solutions, has issued urgent guidance, […] The post Critical .NET Vulnerability Lets Attacker Bypass Security in QNAP Backup Software appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A significant security vulnerability has emerged affecting QNAP’s NetBak PC Agent software through a critical flaw in Microsoft ASP.NET Core. The vulnerability, tracked as CVE-2025-55315, exploits HTTP Request Smuggling techniques to bypass essen…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark advisory highlighting two severe vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System, a critical tool used in fuel storage and management across the energy sector. These flaws, if exploited, could enable attackers to run arbitrary system-level commands on affected devices, potentially leading to […] The post CISA Warns Of Critical Veeder-Root Vulnerabilities Let Attackers Execute System-level Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding serious vulnerabilities in Veeder-Root’s TLS4B Automatic Tank Gauge System. Released on October 23, 2025, the alert warns that attackers co…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new vulnerability in early versions of OpenVPN has been disclosed, potentially allowing malicious servers to execute arbitrary commands on client machines. The flaw affects OpenVPN releases from 2.7_alpha1 to 2.7_beta1, enabling script-injection attacks on POSIX-based systems such as Linux, macOS, and BSD variants. The issue stems from inadequate sanitization of the –dns and –dhcp-option […] The post OpenVPN Vulnerability Exposes Linux, macOS Systems to Script Injection Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
