Latest Cybersecurity News & Insights
24 October 2025
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant
24 October 2025
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
23 October 2025
The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog.
The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek.
23 October 2025
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.
The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be
23 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client
22 October 2025
The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries.
The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek.
22 October 2025
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology
22 October 2025
From Detection to Resolution: Why the Gap Persists
A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context.
What’s missing is a system of action. How do you transition from the
22 October 2025
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions.
The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several
22 October 2025
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution.
The vulnerabilities in question are listed below -
CVE-2025-6541 (CVSS score: 8.6) - An operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management
21 October 2025
Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication.
The post Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw appeared first on SecurityWeek.
21 October 2025
The cybersecurity agency has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Confirms Exploitation of Latest Oracle EBS Vulnerability appeared first on SecurityWeek.
20 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.
The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a
20 October 2025
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches.
ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage.
The name is a little misleading, though
20 October 2025
On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction.
The post Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks appeared first on SecurityWeek.
17 October 2025
Other noteworthy stories that might have slipped under the radar: Capita fined £14 million, ICTBroadcast vulnerability exploited, Spyware maker NSO acquired.
The post In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach appeared first on SecurityWeek.
17 October 2025
CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes.
The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek.
17 October 2025
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code.
The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including
17 October 2025
The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue.
The post Gladinet Patches Exploited CentreStack Vulnerability appeared first on SecurityWeek.
16 October 2025
AISLE aims to automate the vulnerability remediation process by detecting, exploiting, and patching software vulnerabilities in real time.
The post AISLE Emerges From Stealth With AI-Based Reasoning System That Remediates Vulnerabilities on the Fly appeared first on SecurityWeek.