-
Google Chrome’s V8 JavaScript engine has long balanced speed and security for billions of users worldwide. On September 16, 2025, Google’s Threat Analysis Group discovered a critical zero-day flaw in the TurboFan compiler component of V8. Now tracked a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
BlackLock, a rebranded ransomware group formerly known as El Dorado, has emerged as a formidable threat to organizations worldwide. First identified in June 2024 when its Dedicated Leak Site (DLS) began exposing victim data, the gang is believed to hav…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently disclosed flaw, tracked as CVE-2025-55241, allowed any attacker in possession of a single “Actor token” from a test or lab tenant to assume full administrative control over every Microsoft Entra ID (Azure AD) customer globally. Sec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack technique called LNK Stomping has emerged as a critical threat to Windows security, exploiting a fundamental flaw in how the operating system handles shortcut files to bypass security controls. Designated as CVE-2024-38217 and patched on September 10, 2024, this vulnerability demonstrates how attackers can manipulate Windows shortcuts (LNK files) to circumvent the […] The post Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA issued a warning of two critical path traversal flaws in Delta Electronics’ DIALink industrial control system software. With a maximum CVSS v4 base score of 10.0, these vulnerabilities could be exploited remotely with low attack complexity to bypass authentication and gain unauthorized access to critical manufacturing environments. Delta Electronics Path Traversal Flaws Delta Electronics […] The post CISA Warns of Delta Electronics Vulnerabilities Let Attackers Bypass Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in HubSpot’s Jinjava template engine, potentially exposing thousands of websites and applications to remote code execution attacks. The flaw, tracked as CVE-2025-59340, carries the maximum CVS…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as CVE-2025-10035, this vulnerability permits an unauthenticated attacker who can deliver a forged license response signature to trigger Java deserialization of attacker-supplied objects, potentially resulting in arbitrary command execution and full system compromise. Deserialization Flaw (CVE-2025-10035) GoAnywhere MFT’s […] The post Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1. Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […] The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Russian regional carrier KrasAvia is grappling with a major IT outage after what appears to be a cyberattack. Passengers have been unable to buy tickets online, and flight operations have been forced to switch to manual procedures. The airline confirme…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
