#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Sep 16, 2025 Vulnerability / Cloud Security
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. "Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform's fault injections (such as shutting down pods or disrupting network communications), and perform further malicious actions, including stealing privileged service account tokens," JFrog said in a report shared with The Hacker News. Chaos Mesh is an open-source cloud-native Chaos Engineering platform that offers various types of fault simulation and simulates various abnormalities that might occur during the software development lifecycle. The issues, collectively called Chaotic Deputy, are listed below - CVE-2025-59358 (CVSS score: 7.5) - The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes clus...
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Sep 16, 2025 Vulnerability / Spyware
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said. Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks aimed at less than 200 individuals. While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, it has also been released for the f...
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds

Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds

Sep 16, 2025 Hardware Security / Vulnerability
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix ( CVE-2025-6202 , CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that reliably triggering RowHammer bit flips on DDR5 devices from SK Hynix is possible on a larger scale," the Computer Security Group (COMSEC) at ETH Zürich said. "We also proved that on-die ECC does not stop RowHammer, and RowHammer end-to-end attacks are still possible with DDR5." RowHammer refers to a hardware vulnerability where repeated access of a row of memory in a DRAM chip can trigger bit flips in adjacent rows, resulting in data corruption. This can be subsequently weaponized by bad actors to gain unauthorized access to data, escalate privileges, or even cause a...
cyber security

Executive's Guide to Incident Response Readiness

websiteSygniaIncident Response / Cyber Resilience
Practical steps for executives to strengthen defenses and lead effective cyber response. Get the Guide.
cyber security

Weaponized GenAI + Extortion-First Strategies Fueling a New Age of Ransomware

websiteZscalerRansomware / Endpoint Security
Trends and insights based on expert analysis of public leak sites, ransomware samples and attack data.
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

Sep 12, 2025 Vulnerability / Mobile Security
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. "Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory. "The patch fixed the incorrect implementation." According to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft that implements support for various image formats. The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025. Samsung did not share any specifics on how the vulnerability is being exploited in attacks...
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

Sep 12, 2025 Vulnerability / Cyber Espionage
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-5086 , carries a CVSS score of 9.0 out of 10.0. According to Dassault, the issue impacts versions from Release 2020 through Release 2025. "Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution," the agency said in an advisory. The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing exploitation attempts targeting the flaw that originate from the IP address 156.244.33[.]162 , which geolocates to Mexico. The attacks involve sending an HTTP request to the "/apriso/WebServices/FlexNetOperationsService.sv...
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Sep 12, 2025 AI Security / Vulnerability
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. "Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: 'folderOpen' auto-execute the moment a developer browses a project," Oasis Security said in an analysis. "A malicious .vscode/tasks.json turns a casual 'open folder' into silent code execution in the user's context." Cursor is an AI-powered fork of Visual Studio Code, which supports a feature called Workspace Trust to allow developers to safely browse and edit code regardless of where it came from or who wrote it. With this option disab...
SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

Sep 11, 2025 Ransomware / Vulnerability
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025. SonicWall subsequently revealed the SSL VPN activity aimed at its firewalls involved a year-old security flaw ( CVE-2024-40766 , CVSS score: 9.3) where local user passwords were carried over during the migration and not reset. "We are observing increased threat activity from actors attempting to brute-force user credentials," the company noted . "To mitigate risk, customers should enable Botnet Filtering to block known threat actors and ensure Account Lockout policies are enabled." SonicWall has also urged users to review LDAP SSL VPN Default User Groups, describing it as a "critical weak point" if misconfigured in the con...
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Sep 10, 2025 Vulnerability / Patch Tuesday
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month , 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service (3). "For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws," Satnam Narang, senior staff research engineer at Tenable, said. "Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities." The patches are in addition to 12 vulnerabilities addressed in Microsoft's Chromium-based Edge browser since the release of August 2025's Patch Tuesday update, including a securit...
Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety

Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety

Sep 10, 2025 Spyware / Vulnerability
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and A19 Pro chips keeping this aspect in mind. "Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies," the company noted . The effort is an aim to improve memory safety and prevent bad actors, specifically those leveraging mercenary spyware , from weaponizing such flaws in the first place to break into devices as part of highly-targeted attacks. The technology that underpins MIE...
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Sep 10, 2025 Vulnerability / Software Security
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of any exploits in the wild. "A potential attacker could take over customer accounts in Adobe Commerce through the Commerce REST API," Adobe said in an advisory issued today. The issue impacts the following products and versions - Adobe Commerce (all deployment methods): 2.4.9-alpha2 and earlier 2.4.8-p2 and earlier 2.4.7-p7 and earlier 2.4.6-p12 and earlier 2.4.5-p14 and earlier 2.4.4-p15 and earlier Adobe Commerce B2B: 1.5.3-alpha2 and earlier 1.5.2-p2 and earlier 1.4.2-p7 and earlier 1.3.4-p14 and earlier 1.3.3-p15 and earlier Magento Open Source: 2.4.9-al...
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

Sep 10, 2025 Software Security / Vulnerability
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious payload to an open port through the RMI-P4 module , resulting in operating system command execution CVE-2025-42922 (CVSS score: 9.9) - An insecure file operations vulnerability in SAP NetWeaver AS Java that could allow an attacker authenticated as a non-administrative user to upload an arbitrary file CVE-2025-42958 (CVSS score: 9.1) - A missing authentication check vulnerability in the SAP NetWeaver application on IBM i-series that could allow highly privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionaliti...
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Sep 05, 2025 Vulnerability / Threat Intelligence
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability , tracked as CVE-2025-53690 , carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. "Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said . "This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution." Google-owned Mandiant, which discovered the active ViewState deserialization attack, said the activity leveraged a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. The threat intelligence team ...
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

Sep 05, 2025 Vulnerability / Enterprise Security
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC," according to a description of the flaw in the NIST National Vulnerability Database (NVD). "This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. Successful exploration of the defect could result in a full system compromise of the SAP environment, subverting the confidentiality, integrity, and availability of the system. In short, it can permit attackers to modify the SAP database, create superuser accounts with SAP_ALL privileges, download password hashes, and alter business processes. SecurityBri...
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

Sep 04, 2025 Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities ( KEV ) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-50224 (CVSS score: 6.5) - An authentication bypass by spoofing vulnerability within the httpd service of TP-Link TL-WR841N, which listens on TCP port 80 by default, leading to the disclosure of stored credentials in "/tmp/dropbear/dropbearpwd" CVE-2025-9377 (CVSS score: 8.6) - An operating system command injection vulnerability in TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9 that could lead to remote code execution According to information listed on the company's website, the following router models have reached end-of-life (EoL) status - TL-WR841N (versions 10.0 and 11.0) TL-WR841ND (version 10.0) Archer C7 (versions 2.0 and 3.0) Howe...
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Sep 03, 2025 Artificial Intelligence / Vulnerability
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website , is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting, and capture the flag (CTF) challenges. Per information shared on its GitHub repository, the open-source platform integrates with over 150 security tools to facilitate network reconnaissance, web application security testing, reverse engineering, and cloud security. It also supports dozens of specialized AI agents that are fine-tuned for vulnerability intelligence, exploit development, attack chain discovery, and error handling. But according to a report from Check Point, threat actors are trying their hands on the tool to gain an adversarial advantage, attempting to weaponize the tool to ...
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

Sep 03, 2025 Mobile Security / Vulnerability
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks. The vulnerabilities are listed below - CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component  CVE-2025-48543 (CVSS score: N/A) - A privilege escalation flaw in the Android Runtime component Google said both vulnerabilities could lead to local escalation of privilege with no additional execution privileges needed. It also noted that no user interaction is required for exploitation. The tech giant did not reveal how the issues have been weaponized in real-world attacks and if they are being put to use in tandem, but acknowledged there are indications of "limited, targeted exploitation." Benoît Sevens of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the upstream Lin...
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

Sep 03, 2025 Vulnerability / Mobile Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain elevated access to the susceptible device. "This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot," the agency said. "The attacker can then obtain incorrect access control by setting a new administrative password." According to malwrforensics , the issue has been fixed with firmware version TL-WA855RE(EU)_V5_200731. However, it bears noting that the product has reached end-of-life (EoL) status, meaning it's unlikely to receive any patches or updates. Users of the Wi-Fi range e...
WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

Aug 30, 2025 Zero-Day / Vulnerability
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 5.4), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the WhatsApp Security Team have been credited with discovering and rerating the bug. The Meta-owned company said the issue "could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device." The flaw affects the following versions - WhatsApp for iOS prior to version 2.25.21.73 (Patched on July 28, 2025) WhatsApp Business for iOS version 2.25.21.78 (Patched on August 4, 2025), and WhatsApp for Mac version 2.25.21.78  (Patched on August 4, 2025) It also assessed that the shortcoming may have been chained with CVE-2025-43300, a ...
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Aug 29, 2025 Vulnerability / Web Security
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs , are listed below - CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 - Information Disclosure in ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach Patches for the first two shortcomings were released by Sitecore in June and for the third in July 2025 , with the company stating that "successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information." The findings build on three more flaws in the same product that were detailed by watchTowr back in June - CVE-2025-34509 (CVSS score: 8.2) - Use of hard-coded credentials CV...
Expert Insights Articles Videos
Cybersecurity Resources