-
A critical vulnerability was discovered in the AI-Bolit component of Imunify security products, raising concerns across the web hosting and Linux server communities. This flaw could let attackers execute arbitrary code and escalate their privileges to …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released an urgent security update for its Chrome browser to address a critical zero-day vulnerability actively exploited by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and poses a significant risk to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Azure successfully defended against a record-breaking distributed denial-of-service (DDoS) attack that peaked at 15.72 terabits per second (Tbps), making it the most significant DDoS attack ever observed in the cloud. On October 24, 2025, Azu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The vulnerability, tra…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rushed out a critical update for its Chrome browser to address a zero-day vulnerability actively exploited in the wild, urging users to update immediately to mitigate the risk posed by sophisticated attackers. The patch, rolled out in Chrome Stable version 142.0.7444.175 for Windows and Linux, and 142.0.7444.176 for Mac, fixes two high-severity type […] The post Chrome Type Confusion Zero-Day Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical logic flaw discovered in the widely used mPDF PHP library could expose internal networks and sensitive services on approximately 70 million devices worldwide. The vulnerability stems from improper regular expression parsing, which allows att…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding multiple vulnerabilities affecting General Industrial Controls’ Lynx+ Gateway device. Released on November 13, 2025, under alert code ICSA-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sandbox escape vulnerability affecting iPhones and iPads running iOS 16.2 beta 1 or earlier versions. The proof-of-concept (POC) exploits weaknesses in the itunesstored and bookassetd daemons, enabling attackers to modify sensitive files on the device’s Data partition areas typically protected from unauthorized access. Researcher Kim shared the details in a blog post on October […] The post New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sharp increase in attacks targeting a critical vulnerability in XWiki servers. Multiple threat actors are actively exploiting CVE-2025-24893 to deploy botnets and coin miners, and to establish unauthorized server access across the internet. Since the initial discovery on October 28, 2025, exploitation has expanded dramatically. VulnCheck reported that multiple independent attackers are now actively targeting the […] The post Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
IBM has released critical security updates addressing four severe vulnerabilities in AIX and VIOS systems that could allow remote attackers to execute arbitrary commands, steal credentials, and traverse system directories. The vulnerabilities affect mu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
