-
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. The flaw, identified as CVE-2025-6…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A surge in attacks targeting SonicWall SSLVPN devices, affecting numerous customer networks, just weeks after a major breach exposed sensitive firewall data. Starting October 4, 2025, threat actors have rapidly authenticated into over 100 accounts across 16 environments, using what appear to be stolen valid credentials rather than brute-force methods. This coordinated attack highlights the […] The post SonicWall SSLVPN Under Attack Following the Breach of All Customers’ Firewall Backups appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle has disclosed a critical vulnerability in its E-Business Suite that enables unauthenticated attackers to remotely access sensitive data, raising alarms for enterprises relying on the platform for core operations. Tracked as CVE-2025-61884, the flaw affects the Oracle Configurator component and was detailed in a security alert released on October 11, 2025. This comes just […] The post Oracle E-Business Suite RCE Vulnerability Exposes Sensitive Data to Hackers Without Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new technique enables attackers to exploit antivirus software by injecting harmful code directly into the antivirus processes. This approach makes it easier for them to evade detection and compromise the security that antivirus software is designed to provide. This method, detailed by cybersecurity researcher Two Seven One Three on X (@TwoSevenOneT), involves cloning protected […] The post Hackers Can Inject Malicious Code into Antivirus Processes to Create a Backdoor appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical flaws uncovered in the network communication between Microsoft Defender for Endpoint (DFE) and its cloud services, allowing post-breach attackers to bypass authentication, spoof data, disclose sensitive information, and even upload malicious files to investigation packages. These vulnerabilities, detailed in a recent analysis by InfoGuard Labs, highlight ongoing risks in endpoint detection and response (EDR) […] The post Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication and Upload Malicious Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in GitHub Copilot Chat, rated 9.6 on the CVSS scale, could have allowed attackers to exfiltrate source code and secrets from private repositories silently. The exploit combined a novel prompt injection technique with a clever bypass of GitHub’s Content Security Policy (CSP), granting the attacker significant control over a victim’s Copilot instance, […] The post Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An active in-the-wild exploitation of a zero-day vulnerability in Gladinet CentreStack and Triofox products. Tracked as CVE-2025-11371, the unauthenticated Local File Inclusion (LFI) flaw allows attackers to achieve remote code execution (RCE) on affected systems. The vulnerability is currently unpatched, but a mitigation has been provided. Organizations using the affected software are strongly urged to […] The post Gladinet CentreStack And Triofox 0-Day RCE Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a coordinated effort, international law enforcement agencies seized the clearnet domain breachforums[.]hn, shutting down yet another incarnation of the notorious cybercrime marketplace BreachForums. The domain now displays a joint seizure notice fro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
