< ciso
brief />
Tag Banner

All news with #vulnerability disclosure tag

573 articles · page 26 of 29

Critical auth bypass in Service Finder WordPress theme

🔒 A critical authentication bypass in the Service Finder WordPress theme (tracked as CVE-2025-5947) is being actively exploited to obtain administrator access. The flaw affects versions 6.0 and older and results from improper validation of the original_user_id cookie in the service_finder_switch_back() function. Aonetheme released a patch in version 6.1 on July 17; site operators should update immediately or discontinue use.
read more →

How Cloudflare Found and Fixed a Bug in Go's ARM64 Compiler

🔍 Cloudflare engineers describe discovering a rare race condition in the Go arm64 compiler that caused goroutine stack-unwinding crashes in production. They traced sporadic fatal panics and segfaults to async preemption interrupting a split stack-pointer adjustment, leaving an invalid stack frame. A minimal reproducer showed the assembler could split a large ADD into multiple instructions, creating a one-instruction window where preemption caused unwinder corruption. The issue was fixed upstream in go1.23.12, go1.24.6, and go1.25.0.
read more →

Severe Figma MCP Command Injection Enables RCE Remotely

🔒 Cybersecurity researchers disclosed a now-patched command injection vulnerability in the figma-developer-mcp Model Context Protocol server that could allow remote code execution. Tracked as CVE-2025-53967 (CVSS 7.5), the flaw stems from unsanitized user input interpolated into shell commands when a fetch fallback uses child_process.exec to run curl. Imperva reported the issue and maintainers released a fix in figma-developer-mcp v0.6.3; users should update immediately.
read more →

Critical 10.0 RCE Flaw in Redis Exposes 60,000 Instances

⚠ The popular Redis in-memory data store received an urgent patch for a critical use-after-free vulnerability tracked as CVE-2025-49844 (RediShell), which can escape the Lua script sandbox and achieve remote code execution on the host. Exploitation requires authentication, but many deployments disable it; researchers estimate roughly 60,000 internet-exposed instances lack authentication. Redis released fixes on Oct. 3 across multiple branches and administrators are urged to patch exposed servers immediately and enable hardening controls.
read more →

Critical Redis Flaw 'RediShell' Exposes 60,000 Servers

🚨 Redis has a critical, decade‑old vulnerability identified as CVE-2025-49844 (RediShell) in its embedded Lua scripting engine that can let authenticated users escape the sandbox and execute arbitrary code on the host. Researchers at Wiz report roughly 330,000 Redis instances are exposed online, with about 60,000 lacking authentication. Redis and Wiz disclosed the issue on October 3 and published patches; administrators should apply updates, restrict access, and disable Lua scripting if not required.
read more →

AI Fix #71 — Hacked Robots, Power-Hungry AI and More

🤖 In episode 71 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a wide-ranging mix of AI and robotics stories, from a giant robot spider that went 'backpacking' to DoorDash's delivery 'Minion' and a TikToker forcing an AI to converse with condiments. The episode highlights technical feats — GPT-5 winning the ICPC World Finals and Claude Sonnet 4.5 coding for 30 hours — alongside quirky projects like a 5-million-parameter transformer built in Minecraft. It also investigates a security flaw that left Unitree robot fleets exposed and discusses an alarming estimate that training a frontier model could require the power capacity of five nuclear plants by 2028.
read more →

Delta DIAScreen Multiple Out-of-Bounds Write Flaws

⚠️ Delta Electronics issued an advisory for DIAScreen addressing four out-of-bounds write vulnerabilities (CWE-787) that can be triggered when a valid user opens a maliciously crafted project file. The issues are tracked as CVE-2025-59297 through CVE-2025-59300 and have CVSS v3.1 base scores of 6.6 and CVSS v4 base scores of 6.8. Delta released v1.6.1 to remediate the flaws; administrators should apply the update and follow CISA guidance on social-engineering protections and ICS defensive best practices.
read more →

CISA Adds Synacor Zimbra XSS to Known Exploited Catalog

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-27915, a cross-site scripting (XSS) flaw in Synacor Zimbra Collaboration Suite (ZCS). CISA notes that XSS remains a common attack vector that can enable credential theft, session hijacking, and distribution of malicious content. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by prescribed due dates. CISA urges all organizations to prioritize timely remediation and reduce exposure.
read more →

CISA Adds Seven CVEs to Known Exploited Vulnerabilities

🔒 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The newly listed entries include CVE-2010-3765, CVE-2010-3962, CVE-2011-3402, CVE-2013-3918, CVE-2021-22555, CVE-2021-43226, and CVE-2025-61882, impacting Mozilla, Microsoft, the Linux Kernel, and Oracle E-Business Suite. Federal Civilian Executive Branch agencies must remediate these vulnerabilities under BOD 22-01, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Hitachi Energy MSM: XSS and Assertion Vulnerabilities

⚠️ Hitachi Energy reports multiple vulnerabilities in the MSM product that are exploitable remotely with low attack complexity. An XSS flaw in the EmbedThis GoAhead goform/formTest endpoint (name parameter) can allow HTML injection, while an assertion in open62541's fuzz_binary_decode can cause a crash. CVE-2023-53155 (CVSS 7.2) and CVE-2024-53429 (CVSS 7.5) are assigned. Vendors and CISA recommend disconnecting affected devices from internet-facing networks and following product-specific guidance.
read more →

ThreatsDay Bulletin: Exploits Target Cars, Cloud, Browsers

🔔 From unpatched vehicles to hijacked clouds, this ThreatsDay bulletin outlines active threats and defensive moves across endpoints, cloud, browsers, and vehicles. Observers reported internet-wide scans exploiting PAN-OS GlobalProtect (CVE-2024-3400) and campaigns that use weak MS‑SQL credentials to deploy XiebroC2 for persistent access. New AirBorne CarPlay/iAP2 flaws can chain to take over Apple CarPlay in some cases without user interaction, while attackers quietly poison browser preferences to sideload malicious extensions. On defence, Google announced AI-driven ransomware detection for Drive and Microsoft plans an Edge revocation feature to curb sideloaded threats.
read more →

Cisco Talos Discloses Multiple Nvidia and Adobe Flaws

⚠ Cisco Talos disclosed five vulnerabilities in NVIDIA's CUDA Toolkit components and one use-after-free flaw in Adobe Acrobat Reader. The Nvidia issues affect tools like cuobjdump (12.8.55) and nvdisasm (12.8.90), where specially crafted fatbin or ELF files can trigger out-of-bounds writes, heap overflows, and potential arbitrary code execution. The Adobe bug (2025.001.20531) involves malicious JavaScript in PDFs that can reuse freed objects, leading to memory corruption and possible remote code execution if a user opens a crafted document.
read more →

OneLogin API Bug Exposed OIDC Client Secrets in 2025

🔒Clutch Security disclosed a high-severity flaw in the One Identity OneLogin IAM platform that could leak OpenID Connect (OIDC) application client_secret values when queried with valid API credentials. The issue, tracked as CVE-2025-59363 with a CVSS score of 7.7, stemmed from the /api/2/apps endpoint returning secrets alongside app metadata. OneLogin remedied the behavior in OneLogin 2025.3.0 after responsible disclosure; administrators should apply the update, rotate exposed API and OIDC credentials, tighten RBAC scopes, and enable network-level protections such as IP allowlisting where available.
read more →

Attackers Abuse Milesight Routers to Send Smishing SMS

📱 SEKOIA warns that unknown actors have been abusing Milesight industrial cellular routers to send phishing SMS messages across Europe since at least February 2022. The attackers exploited exposed SMS-related APIs — linked to a patched information disclosure flaw (CVE-2023-43261) — to dispatch typosquatted URLs impersonating government platforms, banks, postal and telecom providers. Of roughly 18,000 such routers visible on the public internet, SEKOIA identified about 572 potentially vulnerable devices, roughly half located in Europe. The campaigns used JavaScript-based mobile checks and domains that disabled debugging and logged visitors to a Telegram bot, indicating operational measures to hinder analysis.
read more →

TOTOLINK X6000R Router: Multiple Firmware Vulnerabilities

⚠️ TOTOLINK X6000R routers running firmware V9.4.0cu.1360_B20241207 contain three vulnerabilities that enable argument injection, unauthenticated command execution, and sanitization bypasses leading to file corruption or persistent denial-of-service. The most severe, CVE-2025-52906, is an unauthenticated command injection rated Critical (CVSS 9.3). TOTOLINK has released updated firmware and users should apply the patch immediately while defenders use device visibility and threat prevention to detect exploitation.
read more →

VMware flaws allow username enumeration, patches released

🛡️ Three important vulnerabilities were disclosed in VMware products, including two in NSX that allow unauthenticated username enumeration and one in vCenter that permits SMTP header manipulation by authenticated non‑admin users with scheduled task privileges. The U.S. National Security Agency discovered two of the issues and all three are rated Important. VMware has released patches to address the flaws. Organizations are urged to apply updates immediately, avoid exposing vCenter to the internet, enforce multi‑factor authentication, change default credentials, and deploy layered protections such as web application firewalls and brute‑force detection controls.
read more →

Broadcom Patches VMware NSX Username-Enumeration Flaws

🔒 Broadcom released updates addressing two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). The flaws (CVE-2025-41251 and CVE-2025-41252) permit unauthenticated attackers to enumerate valid usernames via a weak password-recovery flow and a separate enumeration vector, which could be used to support brute-force or unauthorized login attempts. Administrators should apply the vendor patches immediately and verify recovery workflows and logging.
read more →

OpenPLC_V3 Denial-of-Service Vulnerability (CVE-2025-54811)

⚠️ CISA published an advisory for OpenPLC_V3 describing a denial-of-service vulnerability (CVE-2025-54811) caused by a missing return in the enipThread function that can trigger an illegal instruction and crash the PLC runtime. The flaw affects versions prior to pull request #292 and can stop PLCs under certain conditions. A patch is available in PR #292; administrators should update and isolate affected devices.
read more →

LG Innotek Cameras Authentication Bypass Vulnerability

🔒 An authentication bypass vulnerability (CVE-2025-10538) affects LG Innotek camera models LND7210 and LNV7210R (all versions). CISA rates the issue as remotely exploitable with low attack complexity — CVSS v4 base score 8.8 — and warns an attacker could gain administrative access and access user account information. LG Innotek has classified these models as end-of-life and no patch is available; CISA recommends reducing network exposure, isolating devices behind firewalls, and using secure remote access methods such as VPNs while performing risk assessments.
read more →

CISA Adds Five Vulnerabilities to KEV Catalog; Federal Risk

⚠️ CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on Sept. 29, 2025, citing evidence of active exploitation. The newly listed issues are CVE-2021-21311 (Adminer SSRF), CVE-2025-20352 (Cisco IOS/IOS XE stack overflow), CVE-2025-10035 (Fortra GoAnywhere deserialization), CVE-2025-59689 (Libraesva command injection), and CVE-2025-32463 (sudo untrusted-control vulnerability). Federal Civilian Executive Branch agencies must remediate these under BOD 22-01, and CISA urges all organizations to prioritize timely fixes as part of standard vulnerability management.
read more →