-
Cybersecurity researchers have uncovered a sophisticated phishing campaign orchestrated by the notorious Gamaredon threat group, specifically targeting government entities through exploitation of a critical WinRAR vulnerability. The attack leverages CV…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has disclosed two security vulnerabilities affecting multiple versions of Apache Tomcat, with one flaw posing a serious risk of remote code execution on vulnerable servers. The flaws impact Apache Tomcat versions 9, 10, a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity firm LayerX has identified a critical vulnerability in OpenAI’s ChatGPT Atlas browser that allows malicious actors to inject harmful instructions into ChatGPT’s memory and execute remote code. This security flaw poses signific…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications. On October 27, 2025, Apache disclosed two vulnerabilities, CVE-2025-55752 and CVE-2025-55754, affecting multiple versions of Tomcat. While the first poses a risk of remote code execution (RCE) under specific configurations, the second […] The post Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ubiquiti’s UniFi Access application has been found vulnerable to a critical flaw that leaves its management API exposed without authentication. Discovered by Catchify Security, this issue allows malicious actors on the management network to potentially take full control of door access systems, raising alarms for organizations relying on the platform for physical security. The vulnerability […] The post Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in OpenAI’s newly launched ChatGPT Atlas browser enables attackers to inject malicious instructions into ChatGPT’s memory and execute remote code on user systems. This flaw, uncovered by LayerX, exploits Cross-Site Request Forgery (CSRF) to hijack authenticated sessions, potentially infecting devices with malware or granting unauthorized access. The discovery highlights escalating risks in […] The post OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious Mem3nt0 mori hacker group has been actively exploiting a zero-day vulnerability in Google Chrome, compromising high-profile targets across Russia and Belarus. Dubbed CVE-2025-2783, this flaw allowed attackers to bypass Chrome’s robust sandbox protections with minimal user interaction, leading to the deployment of sophisticated spyware. Discovered by Kaspersky researchers in March 2025, Google swiftly […] The post Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
HashiCorp has disclosed two critical vulnerabilities in its Vault software that could allow attackers to bypass authentication controls and launch denial-of-service (DoS) attacks. Published on October 23, 2025, these flaws affect both Vault Community Edition and Vault Enterprise, prompting urgent recommendations for upgrades. The issues, tracked as CVE-2025-12044 and CVE-2025-11621, stem from misconfigurations in resource […] The post HashiCorp Vault Vulnerabilities Let Attack Bypass Authentication And Trigger DoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Dell Technologies has disclosed three critical vulnerabilities in its Storage Manager software that could allow attackers to bypass authentication, disclose sensitive information, and gain unauthorized access to systems. Announced on October 24, 2025, these flaws affect versions of Dell Storage Manager up to 20.1.21 and pose significant risks to organizations relying on the tool for […] The post Critical Dell Storage Manager Vulnerabilities Let Attackers Compromise System appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting a critical flaw in Microsoft’s Windows Server Update Services (WSUS), with security researchers reporting widespread attempts in the wild. The vulnerability, tracked as CVE-2025-59287, allows remote code execution on unpatched WSUS servers, potentially granting attackers full control over enterprise networks. As of October 27, 2025, firms monitoring global scan data have […] The post Hackers Exploiting Microsoft WSUS Vulnerability In The Wild – 2800 Instances Exposed Online appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
