Cyber Security News

Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as CVE-2025-37728, affects multiple versions of Kibana and could allow a malicious user to access cached CrowdStrike credentials from other users within the same environment. The vulnerability underscores […]

The post Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials appeared first on Cyber Security News.

CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025.  The vulnerability affects the Microsoft Windows Common Log File System (CLFS) Driver and poses significant security risks to enterprise environments. The CVE-2021-43226 vulnerability resides within Microsoft’s Common Log File System […]

The post CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A new command injection vulnerability in OpenSSH, tracked as CVE-2025-61984, has been disclosed, which could allow an attacker to achieve remote code execution on a victim’s machine. The vulnerability is a bypass of a previous fix for a similar issue (CVE-2023-51385) and exploits how the ProxyCommand feature interacts with the underlying system shell when handling […]

The post OpenSSH Vulnerability Exploited Via ProxyCommand to Execute Remote Code – PoC Released appeared first on Cyber Security News.

Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems.  The vulnerability, carrying a maximum CVSS score of 9.8, affects the Business Intelligence Publisher (BI Publisher) Integration component and enables remote code execution […]

The post Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day Vulnerability in the Wild appeared first on Cyber Security News.

A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, was discovered by Wiz Research and has been assigned the highest possible CVSS severity score of 10.0, a rating reserved for the most severe security issues. The […]

The post 13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System appeared first on Cyber Security News.

Paris, France, October 6th, 2025, CyberNewsWire Reemo continues its mission to secure enterprise remote access and becomes the first French cybersecurity provider to protect all remote access within a single platform. Reemo announces Bastion+, a next-generation bastion solution deployable without limits. “Companies don’t need another bastion. They need a global vision that remains simple and […]

The post Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management appeared first on Cyber Security News.

A threat actor has claimed responsibility for a significant data breach at Huawei Technologies, a multinational technology corporation based in China. The actor is reportedly attempting to sell what they allege is the company’s internal source code and development tools on a dark web forum. The post, which appeared in early October 2025, asserts that […]

The post Threat Actors Claim Breach Of Huawei Technologies Source Code and Internal Tools appeared first on Cyber Security News.

Doctors Imaging Group, a healthcare provider based in Florida, has reported a significant data breach that exposed the sensitive personal and medical information of over 171,800 individuals. The incident, classified as a “Hacking/IT Incident,” involved unauthorized access to the organization’s network server, leading to the compromise of a wide range of highly sensitive data. According […]

The post Doctors Imaging Group Suffers Data Breach – 171800+ Users Data Exposed appeared first on Cyber Security News.

Forensic-Timeliner, a Windows forensic tool for DFIR investigators, has released version 2.2, which offers enhanced automation and improved artifact support for digital forensics and incident response operations. This high-speed processing engine consolidates CSV output from leading triage utilities into a unified timeline, empowering analysts to reconstruct event sequences and identify key indicators of compromise rapidly. […]

The post Forensic-Timeliner – Windows Forensic Tool for DFIR Investigators appeared first on Cyber Security News.

NCSC has issued an urgent warning regarding a critical zero-day flaw in Oracle E-Business Suite (EBS) that is currently being exploited in the wild.  Tracked as CVE-2025-61882, the vulnerability resides in the BI Publisher Integration component of Oracle Concurrent Processing and allows unauthenticated remote code execution.  Organisations running EBS versions 12.2.3 through 12.2.14—especially those exposed […]

The post NCSC Warns of Oracle E-Business Suite 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Zabbix Agent and Agent 2 for Windows that allows attackers with local system access to escalate their privileges through DLL injection attacks.  The flaw, tracked as CVE-2025-27237 with a CVSS score of 7.3 (High), affects multiple versions of the popular network monitoring solution and has prompted immediate […]

The post Zabbix Agent and Agent 2 for Windows Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine.  Tracked internally as a WebAssembly type canonicalization bug, the flaw stems from an improper nullability check in the CanonicalEqualityEqualValueType function introduced by commit 44171ac in Chrome M135 and above.  This regression […]

The post Google Chrome RCE Vulnerability Details Released Along with Exploit Code appeared first on Cyber Security News.

Microsoft is set to roll out a highly anticipated multitasking feature for its Teams platform, which will allow users to open channels in separate windows. This long-awaited update, scheduled for release in November, addresses one of the most common user requests and promises to improve workflow efficiency for millions of users significantly. According to the […]

The post Microsoft Teams Set to Introduce Highly Anticipated Multitasking Functionality appeared first on Cyber Security News.

With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI). This new open-source package integrates Google’s powerful Gemini AI directly into the terminal, offering penetration testers and security professionals an intelligent assistant designed to streamline and automate complex security workflows. […]

The post Gemini CLI to Your Kali Linux Terminal To Automate Penetration Testing Tasks appeared first on Cyber Security News.

A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations.  Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating […]

The post PoC Exploit Released for Sudo Vulnerability that Enables Attackers to Gain Root Access appeared first on Cyber Security News.

A critical use-after-free vulnerability, identified as CVE-2025-49844, has been discovered in Redis servers, enabling authenticated attackers to achieve remote code execution. This high-severity flaw affects all versions of Redis that utilize the Lua scripting engine, presenting a significant threat to a wide range of deployments that rely on the popular in-memory data store. The core […]

The post Redis Server Vulnerability use-after-free Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.

A sophisticated technique uncovered where threat actors abuse Amazon Web Services‘ X-Ray distributed tracing service to establish covert command and control (C2) communications, demonstrating how legitimate cloud infrastructure can be weaponized for malicious purposes. AWS X-Ray, designed to help developers analyze application performance through distributed tracing, has been repurposed by red team researchers into a […]

The post Hackers Weaponize AWS X-Ray Service to Work as Covert Command & Control Server appeared first on Cyber Security News.

QNAP has released a security advisory detailing a vulnerability in its NetBak Replicator utility that could allow local attackers to execute unauthorized code. The flaw, identified as CVE-2025-57714, has been rated as “Important” and affects specific versions of the backup and restore software. The company has already issued a patch and is urging users to […]

The post QNAP NetBak Replicator Vulnerability Let Attackers Execute Unauthorized Code appeared first on Cyber Security News.

PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively […]

The post How Windows Command-line Utility PsExec Can Be Abused To Execute Malicious Code appeared first on Cyber Security News.

A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available.  CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects […]

The post PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability appeared first on Cyber Security News.