-
Two newly disclosed vulnerabilities in Microsoft’s BitLocker drive encryption feature could allow attackers to bypass encryption safeguards on Windows systems. Tracked as CVE-2025-55333 and CVE-2025-55338, these flaws involve incomplete comparison logi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Adobe Experience Manager Forms vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively exploited in the wild. The secur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Samba has disclosed a severe remote code execution (RCE) flaw that could allow attackers to hijack Active Directory domain controllers. Tracked as CVE-2025-10230, the vulnerability stems from improper validation in the Windows Internet Name Service (WINS) hook mechanism, earning a perfect CVSS 3.1 score of 10.0 for its ease of exploitation and devastating potential impact. […] The post Critical Samba RCE Vulnerability Enables Arbitrary Code Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in Adobe Experience Manager Forms, urging organizations to patch immediately. Tracked as CVE-2025-54253, this flaw affects the Java Enterprise Edition (JEE) version of the software and enables attackers to execute arbitrary code on vulnerable systems. First disclosed […] The post CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released on October 14, 2025, as part of the latest Patch Tuesday updates, these flaws, tracked as CVE-2025-55338 and CVE-2025-55333, pose a significant risk to users relying on BitLocker for […] The post Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed a critical issue affecting Windows Server 2025 systems following the installation of October 2025 security updates. The problem disrupts Active Directory directory synchronization, specifically impacting organizations managing l…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP released its October 2025 Security Patch Day fixes, addressing 13 new vulnerabilities and updating four prior notes, with several critical flaws in NetWeaver enabling attackers to sidestep authorization and run arbitrary operating system commands on affected systems. Among the most alarming is CVE-2025-42944, an insecure deserialization issue in SAP NetWeaver AS Java’s RMI-P4 module, […] The post New SAP NetWeaver Vulnerabilities Allow Attackers to Bypass Authorization and Execute OS Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
F5 Networks confirmed that a sophisticated nation-state threat actor infiltrated its systems, exfiltrating proprietary BIG-IP source code and confidential vulnerability information. The incident, which began in August 2025, targeted F5’s product develo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
F5, a leading provider of application security and delivery solutions, disclosed a major security incident. The company revealed that a sophisticated nation-state threat actor had gained long-term access to internal systems, exfiltrating sensitive files including BIG-IP source code and details on undisclosed vulnerabilities. While F5 emphasized that no critical exploits or active attacks on customers […] The post F5 Breached – Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated attack campaign dubbed “Operation Zero Disco,” where threat actors are actively exploiting a critical Cisco Simple Network Management Protocol (SNMP) vulnerability to install Linux rootkits on vulnerable network devices. Trend Micro observed an operation exploiting CVE-2025-20352, which allows remote code execution (RCE) and grants persistent unauthorized access, primarily targeting older Cisco switches that […] The post Cisco SNMP 0-Day Vulnerability Actively Exploited To Deploy Linux Rootkits appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
