-
A critical vulnerability has been discovered in Argo CD that allows API tokens with limited permissions to access sensitive repository credentials. The flaw in the project details API endpoint exposes usernames and passwords, undermining the platform’s security model by granting access to secrets without explicit permissions. The vulnerability stems from an improper authorization check in […] The post Critical Argo CD API Vulnerability Exposes Repository Credentials appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited by attackers, according to research from SecurityBridge. The vulnerability, which carries a CVSS score of 9.9 out of 10, allows a low-privileged user to exe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router models that are currently being actively exploited by cybercriminals. These security flaws affect wide…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new security exploit has been discovered that lets attackers slip malicious code into widely used desktop applications including Signal, 1Password, Slack, and Google Chrome by evading built-in code integrity checks. The vulnerability, tracked as Elec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an urgent alert regarding a zero-day vulnerability in the Android operating system that is being actively exploited in real-world attacks. The vulnerability, identified as CVE-2025-48543, is a high-severity issue that could allow attackers to gain elevated control over affected devices. On Thursday, September 4, 2025, CISA added the vulnerability to its Known […] The post CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert for a newly discovered zero-day vulnerability in the Android Runtime component. This “use-after-free” flaw could allow attackers to escape the Chrome sandbox a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new high-severity vulnerability in the Linux kernel to its Known Exploited Vulnerabilities (KEV) catalog, signaling that it is being actively exploited in attacks. The warning, issued on September 4, 2025, calls for urgent action from federal agencies and private sector organizations to mitigate the […] The post CISA Warns of Linux Kernel Race Condition Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers can bypass Endpoint Detection and Response (EDR) tools and file locks by reading raw disk sectors directly, highlighting the urgent need for organizations to audit and secure the drivers installed on their Windows systems. In modern Windows e…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Microsoft Windows systems that allows attackers to escalate their privileges and potentially gain complete control over affected machines. The vulnerability, designated CVE-2025-53149, affec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have detected massive scanning campaigns targeting Cisco Adaptive Security Appliance (ASA) devices, with attackers probing over 25,000 unique IP addresses in coordinated waves that may signal an upcoming vulnerability disclosure. G…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
