SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover.
Vulnerability
CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked as CVE-2025-62215, affects the Windows Kernel and c…
Top 3 Malware Families in Q4: How to Keep Your SOC Ready
Q3 showed sharp growth in malware activity as Lumma AgentTesla and Xworm drove access and data theft forcing SOC teams toward quicker behavior checks
Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
Elastic has released a security advisory addressing anĀ origin validation errorĀ in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734, affects multiple versions of the popular dat…
Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608,…
CISA Warns of Active Exploitation of WatchGuard Firebox Out-of-Bounds Write Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as…
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network applian…
Active Exploitation of Cisco and Citrix 0-Day Vulnerabilities Allows Webshell Deployment
Amazon’s threat intelligence team has uncovered a sophisticated cyber campaign exploiting previously undisclosed zero-day vulnerabilities in critical enterprise infrastructure. Advanced threat actors are actively targeting Cisco Identity Service …
Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases
Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects.
The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek.
Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio
AI security firm Mindgard discovered a flaw in OpenAI’s Sora 2 model, forcing the video generator to leak…