Aggregator
CVE-2017-15987 | Fake Magazine Cover Script rate.php Value sql injection (EDB-43072)
CVE-2017-17615 | Facebook Clone Script 1.0 friend-profile.php ID sql injection (ID 145320 / EDB-43280)
CVE-2017-6087 | EyesOfNetwork up to 5.0 ged_functions.php acknowledge/delete/ownDisown selected_events[] code injection (EDB-41746 / BID-97109)
CVE-2017-6088 | EyesOfNetwork up to 5.0 ged_functions.php bp_name/display/search/equipment/type sql injection (EDB-41747 / BID-97084)
CVE-2017-17616 | Event Search Script 1.0 /event-list city sql injection (ID 145306 / EDB-43279)
INC
US to Limit Visa Validity Periods for International Students and Journalists
CVE-2024-13986 | Nagios XI up to 2024R1.3.1 Config Snapshots Interface unrestricted upload (EUVD-2024-54929)
CVE-2025-25010 | Elastic Kibana up to 9.0.5/9.1.2 reporting_user authorization (EUVD-2025-26116 / WID-SEC-2025-1923)
Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain
Stole Millions, Then Changed His Mind: Who Is Behind the BetterBank Hack
AI Unlimited Context (Part 1): How to Get AI to Ingest Very Long Videos and Build a Knowledge Base [AI Learning Essentials]
PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input
A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security. The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a CVSS v4.0 score of 8.7. Key Takeaways: 1. SSRF in PhpSpreadsheet’s Worksheet\Drawing::setPath via […]
The post PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input appeared first on Cyber Security News.
Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript
Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers. The security flaw was patched in version 2024R2.1, released on August 12, 2025, following responsible disclosure by security researcher Marius Lihet. Key […]
The post Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript appeared first on Cyber Security News.
New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware
A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques to bypass Apple’s security measures while maintaining zero detection rates on major security platforms. The […]
The post New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware appeared first on Cyber Security News.