-
A critical security flaw discovered in Formbricks, an open-source experience management platform, demonstrates how missing JWT signature verification can lead to complete account takeovers. The vulnerability, tracked as CVE-2025-59934, affects all versions prior to 4.0.1 and stems from improper token validation that uses jwt.decode() instead of jwt.verify(), allowing attackers to bypass authentication controls entirely. The […] The post Formbricks Signature Verification Vulnerability Let Attackers Reset User Passwords Without Authorization appeared first on Cyber Security News.
-
A critical vulnerability in Windows heap management demonstrates how improper handling of record-size fields enables arbitrary memory read and write operations. Suraj Malhotra shared a detailed exploitation technique leveraging the Low Fragmentation Heap (LFH) mechanism to achieve code execution on Windows systems. Windows Heap Exploitation Vulnerability The Windows NT Heap operates through FrontEnd and BackEnd […] The post Windows Heap Exploitation Vulnerability With Record’s Size Field Leads to Arbitrary R/W appeared first on Cyber Security News.
-
A critical security vulnerability in SUSE Rancher Manager has been discovered that enables attackers with elevated privileges to lock out administrative accounts, potentially disrupting entire Kubernetes cluster management operations. The flaw, tracked…
-
Dutch authorities have arrested two 17-year-old boys on suspicion of “state interference” in a cybersecurity case with alleged connections to Russian espionage operations. The teenagers appeared in court on Thursday, with one remanded in cu…
-
A newly discovered DLL hijacking vulnerability in Notepad++, the popular source code editor, could allow attackers to execute arbitrary code on a victim’s machine. Tracked as CVE-2025-56383, the flaw exists in version 8.8.3 and potentially affects all installed versions of the software, putting millions of users at risk. The vulnerability enables a local attacker to […] The post Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.
-
Security researchers have identified a critical DLL hijacking vulnerability in Notepad++ version 8.8.3, tracked as CVE-2025-56383. This flaw enables attackers to execute arbitrary code by replacing legitimate Dynamic Link Library (DLL) files within the…
-
Google Project Zero researcher Jann Horn has disclosed a novel vulnerability in Apple’s macOS and iOS systems that could potentially allow attackers to bypass Address Space Layout Randomization (ASLR) protections through pointer leaks in serializ…
-
This week in cybersecurity was marked by a relentless pace of critical disclosures and unprecedented attack volumes, underscoring the escalating challenges facing defenders. At the forefront was Google’s emergency patch for yet another actively exploited zero-day vulnerability in its Chrome browser. The high-severity flaw required an urgent response, highlighting the persistent threat posed by sophisticated […] The post Cybersecurity Newsletter Weekly – Chrome 0-Day, 22.2 Tbps DDOS Attack, Kali Linux Release, Cisco IOS 0-Day and More appeared first on Cyber…
-
A Google Project Zero researcher has detailed a novel technique for remotely leaking memory addresses on Apple’s macOS and iOS. This method can bypass a key security feature, Address Space Layout Randomization (ASLR), without relying on traditional memory corruption vulnerabilities or timing-based side-channel attacks. The research originated from a 2024 discussion within the Project Zero […] The post Google Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serialization appeared first on Cyber Security News.
-
A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July 2025. Security researchers at Arctic Wolf Labs detected a surge in this activity, which remains ongoing. Threat actors are gaining initial access through malicious SSL VPN logins, successfully bypassing multi-factor authentication (MFA), and then rapidly moving […] The post Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins appeared first on Cyber Security News.


