Latest Cybersecurity News & Insights
16 October 2025
A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August.
The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek.
16 October 2025
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems.
The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple
16 October 2025
Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices.
The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek.
16 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution.
15 October 2025
F5 has not shared too much information on the threat actor, but the attack profile seems to point to China.
The post F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data appeared first on SecurityWeek.
15 October 2025
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program.
Of the 183 vulnerabilities, eight of them are non-Microsoft
15 October 2025
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges.
The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system.
"The vulnerabilities affect Red Lion SixTRAK and VersaTRAK
15 October 2025
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center
15 October 2025
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution.
The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization.
"Due to a deserialization vulnerability in SAP NetWeaver, an
15 October 2025
Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio.
The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek.
15 October 2025
The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects.
The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek.
14 October 2025
Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.
14 October 2025
Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your
14 October 2025
A vulnerability in RMP initialization allows the AMD processor’s x86 cores to maliciously control parts of the initial RMP state.
The post RMPocalypse: New Attack Breaks AMD Confidential Computing appeared first on SecurityWeek.
13 October 2025
Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done.
This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.
13 October 2025
Threat actors have rapidly compromised more than 100 SonicWall SSL VPN accounts pertaining to over a dozen entities.
The post SonicWall SSL VPN Accounts in Attacker Crosshairs appeared first on SecurityWeek.
13 October 2025
It’s unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild.
The post Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data appeared first on SecurityWeek.
12 October 2025
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data.
The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14.
"Easily exploitable vulnerability allows an unauthenticated attacker with
11 October 2025
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments.
"Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing."
A significant chunk of
10 October 2025
Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra vulnerability exploited, Mic-E-Mouse attack.
The post In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware appeared first on SecurityWeek.