-
GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances. These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints and GraphQL APIs. Administrators must upgrade immediately to prevent service interruptions and potential data loss. […] The post GitLab High-Severity Vulnerabilities Let Attackers Crash Instances appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apache Airflow maintainers have disclosed a serious security issue, tracked as CVE-2025-54831, that allows users holding only read permissions to view sensitive connection details via both the Airflow API and web interface. The vulnerability, present i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an Emergency Directive mandating immediate action to mitigate two critical zero-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, actively exploited against Cisco Adaptive Security Appliances (ASA) and select Firepower platforms. The vulnerabilities allow unauthenticated remote code execution and privilege escalation, enabling advanced threat actors to modify read-only memory (ROM) for persistence through reboot and system upgrades. Exploit Cisco ASA […] The post CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors recently infiltrated a corporate environment, dumped the AD database file NTDS.dit, and nearly achieved full domain control. AD acts as the backbone of Windows domains, storing account data, group policies, and password hashes. Compromise…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software is being actively exploited in the wild. Tracked as CVE-2025-20333, this remote code execution…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms. Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS XR Software. Cisco Input Validation Flaw (CVE-2025-20363) The flaw stems from improper validation of user-supplied […] The post Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity authorities are urging organizations to take immediate action following the discovery of a sophisticated espionage campaign targeting Cisco Adaptive Security Appliance (ASA) firewalls. In a significant update, Cisco and the UK’s National Cyber Security Centre (NCSC) have revealed that a state-sponsored threat actor is exploiting a zero-day vulnerability (CVE-2025-20333) in Cisco ASA 5500-X series […] The post Hackers Exploiting Cisco ASA Zero-Day to Deploy RayInitiator and LINE VIPER Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco published Security Advisory cisco-sa-http-code-exec-WmfP3h3O revealing a severe flaw in multiple Cisco platforms that handle HTTP-based management. Tracked as CVE-2025-20363, this vulnerability stems from improper validation of user-supplied inpu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has issued an emergency security advisory warning of active exploitation of a critical zero-day vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software platforms. The vulnerability, tracked as CVE-2025-20333, carries a maximum CVSS score of 9.9 and enables authenticated remote attackers to execute arbitrary code with root […] The post Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Noma Labs have discovered a critical vulnerability in Salesforce’s Agentforce AI platform that could allow attackers to steal sensitive customer data through sophisticated prompt injection techniques. The vulnerabilit…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
