Vulnerability Cyber Security News.
Vulnerability Archives – Cyber Security News World’s #1 Premier Cybersecurity & Hacking News Portal
- Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key, by Tushar Subhra Dutta on February 21, 2025 at 7:28 pm
A critical security flaw in Sitevision CMS versions 10.3.1 and older has exposed SAML authentication signing keys, enabling potential authentication bypass and session hijacking. The vulnerability, tracked as CVE-2022-35202, stems from weak auto-generated passwords protecting Java keystores, which could be extracted and brute-forced to compromise private keys. Sitevision, a widely adopted content management system in
- Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script, by Kaaviya on February 20, 2025 at 2:53 pm
Researchers uncovered an ongoing campaign distributing the Rhadamanthys Infostealer through malicious Microsoft Management Console (MMC) files (.MSC), leveraging both a patched DLL vulnerability and legitimate MMC functionalities to execute scripts and deploy malware. This advanced attack vector highlights evolving techniques in credential theft campaigns targeting Windows environments. Security researchers at AhnLab SEcurity intelligence Center (ASEC)
- Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS, by Tushar Subhra Dutta on February 20, 2025 at 10:20 am
Researchers uncovered nine critical vulnerabilities in NVIDIA’s CUDA Toolkit, a cornerstone software suite for GPU-accelerated computing. These vulnerabilities, spanning the cuobjdump and nvdisasm utilities, expose developers to denial-of-service (DoS) attacks and information disclosure risks when analyzing maliciously crafted cubin files. With NVIDIA GPUs powering everything from AI research to scientific simulations, these flaws highlight systemic
- Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges, by Kaaviya on February 20, 2025 at 8:52 am
Symantec, a division of Broadcom, has addressed a critical security flaw (CVE-2025-0893) in its Diagnostic Tool (SymDiag) that could allow attackers to escalate privileges on affected systems. The vulnerability, which impacted SymDiag versions prior to 3.0.79, received a CVSSv3 score of 7.8 (High severity) due to its potential to compromise confidentiality, integrity, and availability through
- Critical Apache Ignite Vulnerability Let Attackers Execute Remote Code, by Kaaviya on February 19, 2025 at 7:57 am
A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters. Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses in server endpoints. Apache Ignite, a distributed in-memory database
- CISA Warns of SonicWall SonicOS RCE Vulnerability Actively Exploited in the Wild, by Balaji N on February 18, 2025 at 9:11 pm
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated warnings about a critical zero-day vulnerability in SonicWall’s SonicOS, designating CVE-2024-53704 for immediate remediation in its Known Exploited Vulnerabilities (KEV) catalog. This improper authentication flaw, which enables remote attackers to hijack active SSL VPN sessions without credentials, has been confirmed as actively exploited in the
- New LLM Vulnerability Let Attackers Exploit The ChatGPT Like AI Models, by Tushar Subhra Dutta on February 18, 2025 at 4:38 pm
A newly uncovered vulnerability in large language models (LLMs) has raised significant concerns about the security and ethical use of AI systems like OpenAI’s ChatGPT. Dubbed “Time Bandit,” this exploit manipulates the temporal reasoning capabilities of LLMs. This enables the attackers to bypass safety measures and generate harmful outputs, including malware code and phishing templates.
- Indian Post Office Portal Exposed Thousands of KYC Records With Username & Mobile Number, by Guru Baran on February 17, 2025 at 9:43 am
The Indian Post Office portal was found vulnerable to an Insecure Direct Object Reference (IDOR) attack, exposing sensitive Know Your Customer (KYC) data of thousands of users. This breach highlights the critical need for robust security measures in government-operated digital platforms, especially those handling sensitive personal information like Aadhaar and PAN details. What Happened? According
- Apache Fineract SQL Injection Vulnerability Let Inject Malicious Data, by Kaaviya on February 14, 2025 at 1:28 pm
A critical SQL injection vulnerability has been identified in Apache Fineract, an open-source core banking software widely used for financial services. This flaw, tracked as CVE-2024-32838, affects versions 1.4 through 1.9 and has been classified as important, with a CVSS score of 9.4, indicating its severity. The vulnerability resides in several REST API endpoints, such
- AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code, by Guru Baran on February 14, 2025 at 7:50 am
A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen™ Master Utility, a software tool designed to optimize the performance of AMD Ryzen™ processors. The vulnerability, classified as DLL hijacking, could allow attackers to execute arbitrary code and escalate privileges on affected systems. With a CVSS score of 7.3, this vulnerability