-
Iberia Líneas Aéreas de España has disclosed a significant security incident involving unauthorized access to systems operated by an external service provider. The breach has exposed sensitive personal information belonging to the airline’s custo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
High command injection vulnerabilities have been discovered in Tenda’s N300 Wi-Fi 4G LTE Router and the 4G03 Pro model, allowing authenticated attackers to execute arbitrary commands with root privileges on affected devices. With no patches curre…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through malici…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Wireshark Foundation has rolled out a crucial security update for its widely used network protocol analyzer, addressing multiple vulnerabilities that could lead to denial-of-service conditions. The latest release, version 4.6.1, specifically targets flaws discovered in the Bundle Protocol version 7 (BPv7) and Kafka dissectors. These vulnerabilities, if left unpatched, allow attackers to forcibly crash […] The post Wireshark Vulnerabilities Let Attackers Crash by Injecting a Malformed Packet appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a single network request. The vulnerability, designated CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times. The vulnerability exists in Grafana’s SCIM (System for Cross-domain Identity […] The post Critical Grafana Vulnerability Let Attackers Escalate Privilege appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers to execute malicious code with elevated system privileges. The flaw, tracked as CVE-2025-13051, affects two widely used ASUSTOR applications and poses a significant risk to users running outdated versions. The DLL Hijacking Vulnerability The vulnerability stems from a DLL hijacking […] The post Critical ASUSTOR Vulnerability Let Attackers Execute Malicious Code with Elevated Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
