-
Grafana, the popular open-source analytics and visualization platform, has once again become the target of a large‐scale, coordinated exploitation effort. On 28 September, security researchers at GreyNoise detected a sudden spike in attempts to exploit CVE-2021-43798, a path traversal flaw that permits arbitrary file reads on unpatched instances. Over the course of a single day, […] The post Hackers Attempting to Exploit Grafana Vulnerability that Enables Arbitrary File Reads appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor router models, prompting administrators to apply security updates urgently. The vulnerability, detailed in security advisory DSA-2025-005 released on October 2, 2025, is classified as […] The post DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers at GreyNoise observed a sudden spike in attempts to exploit a well-known Grafana flaw. This vulnerability, tracked as CVE-2021-43798, allows attackers to traverse paths on a server and read any file they choose. Over the course of a single …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle Corporation has officially acknowledged that cybercriminals are targeting customers of its E-Business Suite (EBS) platform through sophisticated extortion campaigns. The company’s Chief Security Officer, Rob Duhart, confirmed that hackers have been exploiting previously identified vulnerabilities that were addressed in Oracle’s July 2025 Critical Patch Update (CPU). This latest security incident underscores the persistent threat […] The post Oracle Confirms that Hackers Targeting E-Business Suite Data With Extortion Emails appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Defender for Endpoint users, particularly those with Dell devices, are experiencing a widespread issue with false Basic Input/Output System (BIOS) security alerts due to a critical software bug. The problem, which surfaced on October 2, 2025,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
NCC Group detailed a VMware Workstation guest-to-host escape achievable from a compromised VM via a logic flaw in virtual device handling that permits memory corruption and controlled code execution on the host process. The write-up shows a practical e…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Obex, a newly released proof-of-concept utility by security researcher dis0rder0x00, demonstrates a simple but effective user-mode method to stop unwanted security and monitoring modules from loading into Windows processes. The tool launches a target p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Three critical security flaws were discovered in firmware version V9.4.0cu.1360_B20241207 of the TOTOLINK X6000R router released on March 28, 2025. These vulnerabilities range from argument injection and command injection to a security bypass that can …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code. The update, rolling out across Windows, Mac, and Linux platforms, patches several high-severity vulnerabilities that pose significant risks to user security. The most severe vulnerability addressed is CVE-2025-11205, a heap […] The post Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the official Termix Docker image puts users at risk of exposing sensitive SSH credentials. The flaw allows anyone with network access to retrieve stored host addresses, usernames, and passwords without logging in. How the Vu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
