-
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern fo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has patched a critical race condition vulnerability in its Windows Cloud Files Minifilter driver, known as CVE-2025-55680, which enables local attackers to escalate privileges and create arbitrary files across the system. Discovered by researchers at Exodus Intelligence in March 2024, the flaw was addressed in the October 2025 Patch Tuesday updates, earning a CVSS […] The post Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. This version addresses 20 vulnerabilities, many of which could enable attackers to execute malicious […] The post Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical vulnerability affecting Windows Server Update Service (WSUS). The agency updated its alert on October 29, 2025, adding cruc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in the Anti-Malware Security and Brute-Force Firewall WordPress plugin, putting more than 100,000 websites at risk. The vulnerability, identified as CVE-2025-11705, allows authenticated attackers with basic …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a critical update issued on October 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) has provided organizations with enhanced guidance on detecting and mitigating threat activity related to the actively exploited CVE-2025-59287 vulnerability in Microsoft’s Windows Server Update Services (WSUS). This remote code execution flaw, rated at a CVSS score of 9.8, allows […] The post CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular LiteSpeed Cache plugin for WordPress, affecting millions of websites worldwide. The vulnerability, tracked as CVE-2025-12450, poses a significant risk to site visitors and administrators alike. The LiteSpeed Cache plugin is one of the most widely used performance optimization tools in the WordPress ecosystem, […] The post WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed attention amid 2025’s surge in camera exploits, this Python-based utility targets unauthenticated endpoints in cameras running outdated firmware, such as version 3.1.3.150324. Developed for researchers and red teamers, it streamlines […] The post Hikvision Exploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A public exploit code demonstrating how attackers could exploit CVE-2025-40778, a critical vulnerability in BIND 9 that enables DNS cache poisoning. The Internet Systems Consortium (ISC) initially disclosed this flaw on October 22, revealing a dangerous weakness in the world’s most widely used DNS software. The vulnerability allows remote, unauthenticated attackers to inject forged DNS […] The post PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability discovered in Google Messages for Wear OS has exposed millions of smartwatch users to a significant security risk. Identified as CVE-2025-12080, the flaw allows any installed application to send text messages on behalf of the u…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
