-
A critical vulnerability in Hikvision security cameras, first disclosed in 2017, is being actively exploited by hackers to gain unauthorized access to sensitive information. SANS researchers observed a recent surge in malicious activity targeting a specific flaw, identified as CVE-2017-7921, which carries a critical severity score of 10.0 on the CVSS scale. The exploit attempts […] The post Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw affects Linux distributions that include the ksmbd SMB server implementatio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe vulnerability in the Linux kernel’s ksmbd SMB server implementation has been disclosed, potentially allowing authenticated remote attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-38561 and assigned a CVSS score of 8.5, represents a significant security risk for Linux systems utilizing the kernel-based SMB server functionality. The flaw disclosed […] The post Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in NVIDIA’s Merlin Transformers4Rec library allows attackers to achieve remote code execution with root privileges. Discovered by the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team, the flaw stems from unsafe deseria…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed a critical zero-day vulnerability in its IOS and IOS XE software that is being actively exploited by threat actors in real-world attacks. The flaw, tracked as CVE-2025-20352, affects the Simple Network Management Protocol (SNMP) sub…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has disclosed a zero-day vulnerability, CVE-2025-20352, in its widely used IOS and IOS XE software, confirming it is being actively exploited in the wild. The flaw exists in the Simple Network Management Protocol (SNMP) subsystem and can allow a remote attacker to achieve remote code execution (RCE) or cause a denial-of-service (DoS) condition on […] The post Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new study has uncovered a method for silently installing custom extensions on Chromium-based browsers running in Windows domain environments. By exploiting how Chrome and its relatives store extension settings and security checks in preference files,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in OnePlus OxygenOS lets any app on a device read SMS and MMS messages without asking the user. Tracked as CVE-2025-10184, the issue stems from a permission bypass in the Telephony content provider (com.android.providers.telephon…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users. The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized […] The post OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges on Windows machines. Users who installed Salesforce CLI from unt…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
