Aggregator

Submit #485553 / VDB-294000

Submit #485540 / VDB-293999

A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. This vulnerability was named CVE-2025-0841. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The most recent update for Windows 11 24H2, identified as KB5050009, has caused various kinds of technical issues for users, affecting critical functionalities like audio, Bluetooth, USB devices, and webcams. Released earlier this month, the update was intended to enhance system stability and introduce new features but has instead left many users grappling with broken […]

The post Windows 11 24H2 Update Breaks Web camera, Audio, & USB appeared first on Cyber Security News.

A ransomware attack on a large healthcare network in Maryland has forced officials to shut off IT s

Submit #485445 / VDB-293998

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-0840. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #485255 / VDB-293997

The state-sponsored threat actors are increasingly exploiting Google’s AI-powered assistant, Gemini, to enhance their cyber operations.  While generative AI tools like Gemini hold immense potential for innovation and productivity, their misuse by advanced persistent threat (APT) groups and information operations (IO) actors underscores the dual-use nature of such technologies. Google’s Threat Intelligence Group (GTIG) has […]

The post State-sponsored Actors Abusing Gemini to Fuel Cyber Attacks appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in MIT Kerberos 5 1.7. Affected by this issue is some unknown functionality of the file kadmind of the component Incremental Propagation. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-24528. The attack needs to be done within the local network. There is no exploit available.

Home > Apple Intelligence, Mac administration, macOS, Management Profiles > Managing Apple I

Researchers have uncovered two critical vulnerabilities in Apple’s custom silicon chips, dubbed SLAP (Speculative Load Address Prediction) and FLOP (False Load Output Predictions).  These flaws, found in Apple’s A- and M-series processors, expose sensitive user data such as credit card details, location history, and even private email content to potential attackers.  The vulnerabilities affect a […]

The post Apple Chips Vulnerability Exposes Credit Cards & Location History to Hackers appeared first on Cyber Security News.

A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices. The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16.  This vulnerability, categorized as “Authentication Bypass Using an Alternate Path or Channel,” enables remote attackers […]

The post Hackers Allegedly Selling Fortinet Vulnerability Exploit on Dark Web Forums appeared first on Cyber Security News.

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the ris

Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Learn how a complimentary LayerX risk assessment can help identify, assess, and address browsing and SaaS risks in your workplace. [...]