-
A critical security vulnerability has been discovered in the Apache bRPC framework that could allow remote attackers to crash servers by sending specially crafted JSON data. The flaw, tracked as CVE-2025-59789, affects all versions of Apache bRPC before 1.15.0 across all platforms. The vulnerability exists in the json2pb component of Apache bRPC, which converts JSON data to Protocol […] The post Critical Apache bRPC Framework Vulnerability Let Attackers Crash the Server appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have released a proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook dubbed “MonikerLink.” This flaw enables attackers to execute arbitrary code on victi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Linus Torvalds has officially released Linux 6.18, the latest stable version of the Linux kernel. The announcement came on Sunday, November 30, 2025, marking another milestone for the open-source operating system that powers everything from smartphones…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035, affects the Angular HttpClient and involves the accidental leakage of Cross-Site Request Forgery (XSRF) tokens. Angular applications use a built-in protection mechanism to prevent Cross-Site Request Forgery (CSRF) attacks. Angular HTTP Client […] The post Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab’s security team has discovered a severe, ongoing attack spreading dangerous malware through npm, the world’s most extensive code library. The malware uses an alarming “dead man’s switch,” a self-destruct trigger tha…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have discovered a critical vulnerability in Microsoft Teams that allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenant environments. The flaw exploits a fundamental architectural…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the sys…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
More than two decades after its initial discovery, the NTLM authentication protocol continues to plague Windows systems worldwide. What started in 2001 as a theoretical vulnerability has evolved into a widespread security crisis, with attackers actively weaponizing multiple NTLM flaws to compromise networks across different regions. The New Technology LAN Manager (NTLM) protocol was designed […] The post Hackers Exploit NTLM Authentication Flaws to Target Windows Systems appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybercriminals are now selling lifetime access to malicious AI chatbots WormGPT and KawaiiGPT for as little as $220, marking a dangerous new chapter in AI-powered cybercrime. These tools remove all ethical restrictions found in mainstream AI models, enabling attackers to generate phishing emails, create ransomware, and automate hacking operations with minimal technical skill. Large language […] The post Hackers Sell Lifetime Access to WormGPT and KawaiiGPT for Just $220 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
