Cyber Security News

A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, was discovered by Wiz Research and has been assigned the highest possible CVSS severity score of 10.0, a rating reserved for the most severe security issues. The […]

The post 13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System appeared first on Cyber Security News.

Paris, France, October 6th, 2025, CyberNewsWire Reemo continues its mission to secure enterprise remote access and becomes the first French cybersecurity provider to protect all remote access within a single platform. Reemo announces Bastion+, a next-generation bastion solution deployable without limits. “Companies don’t need another bastion. They need a global vision that remains simple and […]

The post Reemo Unveils Bastion+: A Scalable Solution for Global Privileged Access Management appeared first on Cyber Security News.

A threat actor has claimed responsibility for a significant data breach at Huawei Technologies, a multinational technology corporation based in China. The actor is reportedly attempting to sell what they allege is the company’s internal source code and development tools on a dark web forum. The post, which appeared in early October 2025, asserts that […]

The post Threat Actors Claim Breach Of Huawei Technologies Source Code and Internal Tools appeared first on Cyber Security News.

Doctors Imaging Group, a healthcare provider based in Florida, has reported a significant data breach that exposed the sensitive personal and medical information of over 171,800 individuals. The incident, classified as a “Hacking/IT Incident,” involved unauthorized access to the organization’s network server, leading to the compromise of a wide range of highly sensitive data. According […]

The post Doctors Imaging Group Suffers Data Breach – 171800+ Users Data Exposed appeared first on Cyber Security News.

Forensic-Timeliner, a Windows forensic tool for DFIR investigators, has released version 2.2, which offers enhanced automation and improved artifact support for digital forensics and incident response operations. This high-speed processing engine consolidates CSV output from leading triage utilities into a unified timeline, empowering analysts to reconstruct event sequences and identify key indicators of compromise rapidly. […]

The post Forensic-Timeliner – Windows Forensic Tool for DFIR Investigators appeared first on Cyber Security News.

NCSC has issued an urgent warning regarding a critical zero-day flaw in Oracle E-Business Suite (EBS) that is currently being exploited in the wild.  Tracked as CVE-2025-61882, the vulnerability resides in the BI Publisher Integration component of Oracle Concurrent Processing and allows unauthenticated remote code execution.  Organisations running EBS versions 12.2.3 through 12.2.14—especially those exposed […]

The post NCSC Warns of Oracle E-Business Suite 0-Day Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.

A critical security vulnerability has been discovered in Zabbix Agent and Agent 2 for Windows that allows attackers with local system access to escalate their privileges through DLL injection attacks.  The flaw, tracked as CVE-2025-27237 with a CVSS score of 7.3 (High), affects multiple versions of the popular network monitoring solution and has prompted immediate […]

The post Zabbix Agent and Agent 2 for Windows Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine.  Tracked internally as a WebAssembly type canonicalization bug, the flaw stems from an improper nullability check in the CanonicalEqualityEqualValueType function introduced by commit 44171ac in Chrome M135 and above.  This regression […]

The post Google Chrome RCE Vulnerability Details Released Along with Exploit Code appeared first on Cyber Security News.

Microsoft is set to roll out a highly anticipated multitasking feature for its Teams platform, which will allow users to open channels in separate windows. This long-awaited update, scheduled for release in November, addresses one of the most common user requests and promises to improve workflow efficiency for millions of users significantly. According to the […]

The post Microsoft Teams Set to Introduce Highly Anticipated Multitasking Functionality appeared first on Cyber Security News.

With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI). This new open-source package integrates Google’s powerful Gemini AI directly into the terminal, offering penetration testers and security professionals an intelligent assistant designed to streamline and automate complex security workflows. […]

The post Gemini CLI to Your Kali Linux Terminal To Automate Penetration Testing Tasks appeared first on Cyber Security News.

A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations.  Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating […]

The post PoC Exploit Released for Sudo Vulnerability that Enables Attackers to Gain Root Access appeared first on Cyber Security News.

A critical use-after-free vulnerability, identified as CVE-2025-49844, has been discovered in Redis servers, enabling authenticated attackers to achieve remote code execution. This high-severity flaw affects all versions of Redis that utilize the Lua scripting engine, presenting a significant threat to a wide range of deployments that rely on the popular in-memory data store. The core […]

The post Redis Server Vulnerability use-after-free Vulnerability Enables Remote Code Execution appeared first on Cyber Security News.

A sophisticated technique uncovered where threat actors abuse Amazon Web Services‘ X-Ray distributed tracing service to establish covert command and control (C2) communications, demonstrating how legitimate cloud infrastructure can be weaponized for malicious purposes. AWS X-Ray, designed to help developers analyze application performance through distributed tracing, has been repurposed by red team researchers into a […]

The post Hackers Weaponize AWS X-Ray Service to Work as Covert Command & Control Server appeared first on Cyber Security News.

QNAP has released a security advisory detailing a vulnerability in its NetBak Replicator utility that could allow local attackers to execute unauthorized code. The flaw, identified as CVE-2025-57714, has been rated as “Important” and affects specific versions of the backup and restore software. The company has already issued a patch and is urging users to […]

The post QNAP NetBak Replicator Vulnerability Let Attackers Execute Unauthorized Code appeared first on Cyber Security News.

PsExec represents one of the most contradictory tools in the cybersecurity landscape, a legitimate system administration utility that has become a cornerstone of malicious lateral movement campaigns. Recent threat intelligence reports indicate that PsExec remains among the top five tools used in cyberattacks as of 2025, with ransomware groups like Medusa, LockBit, and Kasseika actively […]

The post How Windows Command-line Utility PsExec Can Be Abused To Execute Malicious Code appeared first on Cyber Security News.

A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available.  CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects […]

The post PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability appeared first on Cyber Security News.

A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to steal sensitive data from victims’ email accounts. The attacks were first identified by StrikeReady, which […]

The post Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files appeared first on Cyber Security News.

A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and steal sensitive information. A research paper released in October 2025 details how this method can extract cryptographic keys from supposedly secure SGX enclaves using a low-cost setup, […]

The post New WireTap Attack Break Server SGX To Exfiltrate Sensitive Data appeared first on Cyber Security News.

Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform.  The flaw, designated CVE-2025-59489, exposes applications built with vulnerable Unity Editor versions to unsafe file loading attacks that could enable local code execution and privilege escalation across multiple operating systems. The vulnerability stems from […]

The post Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Microsoft has announced a significant security enhancement for Outlook users, implementing the retirement of inline SVG image support across Outlook for Web and the new Outlook for Windows platforms.  This change represents a proactive measure to strengthen email security infrastructure and protect users from potential cybersecurity threats. The rollout timeline has been strategically structured to […]

The post Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users appeared first on Cyber Security News.