-
The Everest ransomware group has claimed a major breach at Bayerische Motoren Werke AG (BMW), alleging the theft of 600,000 lines of sensitive internal documents. The group has posted BMW on its leak site, complete with a countdown timer and instructio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
PureVPN’s Linux clients leak users’ IPv6 addresses when Wi-Fi reconnections or system resumes occur, and also obliterate host firewall rules without restoring them upon disconnect. This undermines privacy guarantees and leaves systems more exposed than before VPN use, with critical failures in the kill-switch and firewall handling modules. PureVPN Linux Client Flaws Anagogistis stated that […] The post PureVPN Vulnerability Exposes Users IPv6 Address While Toggling Wi-Fi appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in PureVPN’s Linux clients that exposes users’ real IPv6 addresses during network reconnections, undermining the privacy protections that users expect from their VPN service. The vulnera…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Jenkins has released critical updates addressing four security flaws that unauthenticated and low-privileged attackers could exploit to disrupt service or glean sensitive configuration details. Administrators running Jenkins weekly releases up to 2.527 or the Long-Term Support (LTS) stream up to 2.516.2 must upgrade to mitigate these risks. HTTP/2 Denial of Service (CVE-2025-5115) A high-severity issue […] The post Jenkins Patches Multiple Vulnerabilities that Allow Attackers to Cause a Denial of Service appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Researchers have uncovered a zero-day vulnerability in TP-Link routers that allows attackers to bypass Address Space Layout Randomization (ASLR) and execute arbitrary code remotely. Tracked as CVE-2025-9961, this flaw resides in the CWMP (TR-069) binar…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
WatchGuard released an advisory detailing a critical vulnerability in its Firebox line of network security appliances. Tracked as CVE-2025-9242, the flaw resides in the iked component of WatchGuard’s Fireware OS. An out-of-bounds write in the IKE…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract the router’s WPS PIN offline and seamlessly join the wireless network. By targeting weak randomization in the registrar’s nonces, this exploit subverts the intended security of WPS without requiring proximity […] The post Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2025-9961, has been discovered in TP-Link routers. Security research firm ByteRay has released a proof-of-concept (PoC) exploit, demonstrating how attackers can bypass Address Space Layout Randomization (ASLR) protections to gain full control over affected devices. The vulnerability resides in the router’s Customer Premises Equipment (CPE) […] The post TP-Link Router 0-Day RCE Vulnerability Exploited Bypassing ASLR Protections – PoC Released appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in the popular Greenshot screenshot utility has been discovered that allows local attackers to execute arbitrary malicious code within the trusted application process. The vulnerability, tracked as CVE-2025-59050,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Varonis Threat Labs have uncovered a persistent vulnerability that has remained unaddressed for over a decade, allowing attackers to exploit browser handling of Right-to-Left (RTL) and Left-to-Right (LTR) text scripts to cr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
