-
Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734, affects multiple versions of the popular dat…
-
A vulnerability in OpenAI’s advanced video generation model, Sora 2, enables the extraction of its hidden system prompt through audio transcripts, raising concerns about the security of multimodal AI systems. This vulnerability, detailed in a blog post by AI security firm Mindgard, demonstrates how creative prompting across text, images, video, and audio can bypass […] The post OpenAI Sora 2 Vulnerability Exposes System Prompts via Audio Transcripts appeared first on Cyber Security News.
-
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608,…
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as…
-
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network applian…
-
Amazon’s threat intelligence team has uncovered a sophisticated cyber campaign exploiting previously undisclosed zero-day vulnerabilities in critical enterprise infrastructure. Advanced threat actors are actively targeting Cisco Identity Service …
-
A vulnerability has been discovered in Lite XL, a lightweight text editor, that could allow attackers to execute arbitrary code on affected systems. Carnegie Mellon University experts identified CVE-2025-12120, which affects Lite XL versions 2.1.8 and earlier. The flaw exists in how Lite XL handles project configuration files. How the Vulnerability Works When users open […] The post Lite XL Text editor Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
-
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway products. Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or unauthorized actions. The vulnerability carries a moderate CVSSv4 score of 5.9, highlighting its […] The post Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks appeared first on Cyber Security News.
-
Apache OpenOffice has released version 4.1.16, addressing seven critical security vulnerabilities that enable unauthorized remote document loading and memory corruption attacks. These flaws represent a significant security risk to users of the popular open-source office suite. The most severe vulnerabilities involve unauthorized remote content loading without user prompts or warnings. Attackers can exploit these weaknesses to load […] The post Multiple Apache OpenOffice Vulnerabilities Leads to Memory Corruption and Unauthorized Content Loading appeared first on Cyber Security News.
-
Microsoft has disclosed two critical security vulnerabilities in GitHub Copilot and Visual Studio that could allow attackers to bypass essential security features. Both vulnerabilities were released on November 11, 2025, and have been assigned an Important severity rating. Path Traversal Vulnerability in Visual Studio The first vulnerability, tracked as CVE-2025-62449, stems from improper limitations in pathname […] The post GitHub Copilot and Visual Studio Vulnerabilities Allow Attacker to Bypass Security Feature appeared first on Cyber Security News.


