A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running firmware versions up to V5.40(ABPS.0) and enables unauthorized viewing and downloading of configs even during the two-factor authentication (2FA) process. Disclosed on August 14, 2025, the […] The post ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration appeared first on Cyber Security News.

Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from inconsistent handling of HTTP requests, a classic issue known as HTTP request/response smuggling. Released on October 14, 2025, this flaw affects developers relying on the popular […] The post Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on October 20, 2025, highlighting a severe vulnerability CVE-2025-33073 in Microsoft’s Windows SMB Client. Dubbed an improper access control flaw, this vulnerability tracked under CVE details yet to be fully specified poses a significant risk of privilege escalation for attackers worldwide. As cyber threats […] The post CISA Warns of Windows SMB Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

The Shadowserver Foundation has uncovered more than 71,000 internet-exposed WatchGuard devices running vulnerable versions of Fireware OS. The flaw, tracked as CVE-2025-9242, stems from an out-of-bounds write vulnerability in the IKEv2 implementation, potentially allowing remote attackers to execute arbitrary code without authentication. Disclosed earlier this year, the issue highlights the dangers of unpatched firewalls in […] The post 71,000+ WatchGuard Devices Vulnerable to Remote Code Execution Attacks appeared first on Cyber Security News.

A critical zero-click vulnerability in Dolby Digital Plus (DDP) audio decoding software has been disclosed, allowing attackers to execute malicious code remotely via seemingly innocuous audio messages. Google Project Zero’s Ivan Fratric and Natalie Silvanovich have identified an out-of-bounds write flaw in the DDPlus Unified Decoder, which processes evolution data in audio files. This bug […] The post Dolby Digital Plus 0-Click Vulnerability Enables RCE Attack via Malicious Audio on Android appeared first on Cyber Security News.