Vulnerability News

A critical code injection flaw in Hewlett Packard Enterprise OneView, tracked as CVE-2025-37164, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability has been confirmed to be actively exploited by threat actors, triggering urgent remediation timelines for federal agencies and critical infrastructure operators. CVE-2025-37164 represents a severe security flaw in HP Enterprise The post CISA Adds HP Enterprise OneView Code Injection Vulnerability to KEV Following Active Exploitation appeared first on Cyber Security News.

Vulnerability Assessment and Penetration Testing (VAPT) tools form the cornerstone of any cybersecurity toolkit, enabling organizations to identify, analyze, and remediate vulnerabilities across systems, networks, applications, and IT infrastructure. These tools empower proactive security by exposing weaknesses and attack vectors before threat actors can exploit them, helping businesses maintain robust defenses and protect sensitive data. The post 10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2026 appeared first on Cyber Security News.

Vuln mgmt anchors cyber amid 2026’s digital whirl. Sprawling across cloud, on-prem, hybrid tools demand peaks. Spot gaps, rank perils, auto-patch, reg-align. Option overload in IT mazes daunts vulnerability hunts. 2026 aces: endless watch, smart bots, plug-easy, report riches. Outpace threats, shrink surfaces, proactive stance. Top 10 unpacked: specs, buy cases, feature flares. Enterprise/SMB/pro bolster The post 10 Best Vulnerability Management Tools In 2026 appeared first on Cyber Security News.

The cybersecurity community was alarmed in late December 2025 when MongoDB announced a serious vulnerability called “Mongobleed” (CVE-2025-14847). This high-severity flaw allows unauthenticated attackers to steal sensitive data directly from server memory. With a CVSS score of 8.7 and over 87,000 potentially vulnerable MongoDB instances exposed worldwide, this pre-authentication memory disclosure vulnerability has rapidly become The post Lessons From Mongobleed Vulnerability (CVE-2025-14847) That Actively Exploited In The Wild appeared first on Cyber Security News.

An open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting MongoDB databases.​ The vulnerability allows attackers to extract sensitive information, including credentials, session tokens, and personally identifiable information, directly from server memory without requiring authentication. The flaw exists in MongoDB’s zlib decompression mechanism and affects versions The post MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847) appeared first on Cyber Security News.

Security researchers have released a Proof-of-Concept (PoC) exploit for a critical vulnerability in HPE OneView, a popular IT infrastructure management platform. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, indicating immediate danger to enterprise environments. The vulnerability allows remote attackers to execute malicious code on affected systems without needing a password or any The post PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a sophisticated email campaign deploying a commodity loader to distribute Remote Access Trojans and information stealers. The operation primarily targets manufacturing and government organizations across Italy, Finland, and Saudi Arabia, using highly evasive techniques. Multi-Vector Attack Strategy The campaign employs multiple infection methods to compromise Windows systems. Threat actors are distributing The post Hackers Weaponize SVG Files and Office Documents to Target Windows Users appeared first on Cyber Security News.

A lightweight Python script to help organizations quickly identify exposure to CVE-2025-20393, a critical zero-day vulnerability in Cisco Secure Email Gateway (SEG) and Secure Malware Analytics (SMA), also known as Cisco Secure Email and Web Manager. The tool “Cisco SMA Exposure Check” detects open ports and services that have been exploited in recent attacks, as The post New Tool Released to Detect Cisco Secure Email Gateway 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.

CISA issued a critical warning regarding a hardcoded cryptographic key vulnerability affecting Gladinet CentreStack and Triofox file management solutions.  The vulnerability, tracked as CVE-2025-14611, poses significant risks to organizations using these widely deployed enterprise file-sharing platforms. The flaw lies in how Gladinet CentreStack and Triofox implement their AES cryptographic scheme. Attackers can exploit hardcoded cryptographic The post CISA Warns of Gladinet CentreStack and Triofox Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked as CVE-2025-62221, is a use-after-free flaw in the Windows Cloud Files Mini Filter Driver. That The post CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks appeared first on Cyber Security News.