At Pwn2Own Ireland 2025, cybersecurity researchers Ben R. and Georgi G. from Interrupt Labs showcased an impressive achievement by successfully exploiting a zero-day vulnerability in the Samsung Galaxy S25. This allowed them to gain full control over the device, enabling them to activate the camera and track the user’s location. The exploit, revealed on the […] The post Hackers Exploited Samsung Galaxy S25 0-Day Vulnerability to Enable Camera and Track Location appeared first on Cyber Security News.

Hackers have begun actively targeting a critical remote code execution flaw in Adobe’s Magento e-commerce platform, putting thousands of online stores at immediate risk just six weeks after Adobe issued an emergency patch. Known as SessionReaper and tracked as CVE-2025-54236, the vulnerability allows unauthenticated attackers to hijack customer sessions and potentially execute arbitrary code, leading […] The post Hackers Exploiting Adobe Magento RCE Vulnerability Exploited in the Wild – 3 in 5 Stores Vulnerable appeared first on Cyber Security News.

CISA has issued a critical alert regarding a severe vulnerability in Motex LANSCOPE Endpoint Manager, a popular tool for managing IT assets across networks. Dubbed an improper verification of the source of a communication channel flaw, this issue allows attackers to execute arbitrary code simply by sending specially crafted packets. The vulnerability, tracked under CVE-2025-61932, […] The post CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Atlassian has disclosed a high-severity path traversal vulnerability in Jira Software Data Center and Server that enables authenticated attackers to arbitrarily write files to any path accessible by the Java Virtual Machine (JVM) process. This flaw, tracked as CVE-2025-22167 with a CVSS score of 8.7, affects versions from 9.12.0 through 11.0.1 and was internally discovered, […] The post Jira Software Vulnerability Let Attacker Modify Any Filesystem Path Writable By JVM process appeared first on Cyber Security News.

A severe vulnerability in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […] The post TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes appeared first on Cyber Security News.

Oracle has disclosed multiple critical vulnerabilities in its Oracle VM VirtualBox virtualization software, potentially allowing attackers to achieve complete control over the VirtualBox environment. These flaws, detailed in the October 2025 Critical Patch Update (CPU), affect the Core component of VirtualBox versions 7.1.12 and 7.2.2, enabling high-privileged local attackers to compromise confidentiality, integrity, and availability […] The post Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox appeared first on Cyber Security News.