-
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times. The vulnerability exists in Grafana’s SCIM (System for Cross-domain Identity […] The post Critical Grafana Vulnerability Let Attackers Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers to execute malicious code with elevated system privileges. The flaw, tracked as CVE-2025-13051, affects two widely used ASUSTOR applications and poses a significant risk to users running outdated versions. The DLL Hijacking Vulnerability The vulnerability stems from a DLL hijacking […] The post Critical ASUSTOR Vulnerability Let Attackers Execute Malicious Code with Elevated Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerability was internally discovered and reported by SonicWall’s security team. The flaw, tracked as CVE-2025-40601, carries a CVSS score of 7.5 and affects multiple generations of SonicWall firewall products. Field […] The post SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services (WSUS) infrastructure. The attackers are exploiting a critical remote code exe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have identified a dangerous flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than a crafted image file. The vulnerability, tracked as CVE-2025-50165, represents…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-13223…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
noBGP has launched pi GPT, a groundbreaking integration that transforms Raspberry Pi devices into ChatGPT-controlled development and production environments. The new tool eliminates the complexity of traditional networking, allowing developers to write…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The United States, Australia, and the United Kingdom have announced coordinated sanctions against Media Land, a Russia-based bulletproof hosting provider, and related entities for supporting ransomware operations and other cybercrimes. The Department o…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authentication bypass vulnerability in the Milvus vector database could allow attackers to gain administrative access without credentials. The flaw exists in how the Milvus Proxy component handles HTTP headers, treating user-controlled data …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
