Collecting Cyber-News from over 60 sources

Tag: flaw

9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Amazon WorkSpaces for Linux Vulnerability Exposes Valid Auth Tokens to Attackers

Nov 7, 2025 7:19 AM

Tags: access, authentication, cve, cyber, flaw, linux, service, unauthorized, vulnerability

A recently disclosed vulnerability in the Amazon WorkSpaces client for Linux exposes a critical security flaw that could allow attackers to gain unauthorized access to user environments due to improper handling of authentication tokens. The issue, tracked as CVE-2025-12779, has prompted urgent action from Amazon Web Services (AWS) and serves as an essential reminder for…
Amazon WorkSpaces for Linux Vulnerability Exposes Valid Auth Tokens to Attackers

Nov 7, 2025 7:19 AM

Tags: access, authentication, cve, cyber, flaw, linux, service, unauthorized, vulnerability

A recently disclosed vulnerability in the Amazon WorkSpaces client for Linux exposes a critical security flaw that could allow attackers to gain unauthorized access to user environments due to improper handling of authentication tokens. The issue, tracked as CVE-2025-12779, has prompted urgent action from Amazon Web Services (AWS) and serves as an essential reminder for…
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution

Nov 7, 2025 6:19 AM

Tags: apple, browser, chrome, cyber, flaw, marketplace, rce, remote-code-execution, vulnerability

Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed…
Django Flaws Enable SQL Injection and DoS Attacks

Nov 6, 2025 10:19 PM

Tags: attack, dos, flaw, injection, sql

New Django flaws expose sites to SQL injection and DoS attacks, underscoring the need for stronger security practices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-django-vulnerability-sqli-dos-attacks/
ChatGPT Bugs Put Private Data at Risk

Nov 6, 2025 9:19 PM

Tags: chatgpt, data, flaw, injection, risk, theft

Tenable found seven ChatGPT flaws that enable stealthy data theft through chained prompt injection attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/new-chatgpt-vulnerabilities-data-privacy/
AI Engine Flaw Exposes 100,000 WordPress Sites to Attack

Nov 6, 2025 8:23 PM

Tags: ai, attack, data-breach, flaw, wordpress

A flaw in the AI Engine plugin exposed 100,000 WordPress sites to takeover attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-wordpress-vulnerability-100k-impact/
PromptJacking: When AI Chat Prompts Become Cyber Attacks

Nov 6, 2025 5:19 PM

Tags: ai, attack, cyber, flaw

Flaws in Claude Desktop’s extensions show how simple AI prompts can lead to system compromise. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-promptjacking-ai/
Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)

Nov 6, 2025 5:19 PM

Tags: cisco, cve, flaw, update, vulnerability

Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/cisco-fixes-critical-uccx-flaws-patch-asap-cve-2025-20358-cve-2025-20354/
Cisco CCX Vulnerabilities Open Door to Remote Attacks

Nov 6, 2025 5:19 PM

Tags: attack, cisco, control, flaw, malicious, vulnerability

Critical flaws in Cisco’s Unified CCX platform allow remote attackers to execute malicious code and gain full control of contact center systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-cisco-ccx-vulnerabilities/
Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)

Nov 6, 2025 5:19 PM

Tags: cisco, cve, flaw, update, vulnerability

Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/cisco-fixes-critical-uccx-flaws-patch-asap-cve-2025-20358-cve-2025-20354/
Cisco CCX Vulnerabilities Open Door to Remote Attacks

Nov 6, 2025 5:19 PM

Tags: attack, cisco, control, flaw, malicious, vulnerability

Critical flaws in Cisco’s Unified CCX platform allow remote attackers to execute malicious code and gain full control of contact center systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-cisco-ccx-vulnerabilities/
Longer Conversations Can Break AI Safety Filters

Nov 6, 2025 4:19 PM

Tags: ai, flaw

Adversarial Success Rates Jump Tenfold in Longer AI Chats, Finds Cisco. Open-weight language models can say no only for so long. Their safety filters break down when pushed through longer conversations, exposing flaws that one-shot tests fail to catch, found researchers at Cisco. The longer a user engages, the higher the probability of failure. First…
Longer Conversations Can Break AI Safety Filters

Nov 6, 2025 4:19 PM

Tags: ai, flaw

Adversarial Success Rates Jump Tenfold in Longer AI Chats, Finds Cisco. Open-weight language models can say no only for so long. Their safety filters break down when pushed through longer conversations, exposing flaws that one-shot tests fail to catch, found researchers at Cisco. The longer a user engages, the higher the probability of failure. First…
Critical Cisco UCCX flaw lets attackers run commands as root

Nov 6, 2025 3:19 PM

Tags: cisco, flaw, software, update, vulnerability

Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-uccx-flaw-lets-hackers-run-commands-as-root/
Critical Cisco UCCX flaw lets attackers run commands as root

Nov 6, 2025 3:19 PM

Tags: cisco, flaw, software, update, vulnerability

Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-uccx-flaw-lets-hackers-run-commands-as-root/
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Nov 6, 2025 2:19 PM

Tags: ai, attack, botnet, crime, cybercrime, election, flaw, hacker, Internet, malware, organized, scam, service, tool

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.The result is a global system where every digital weakness can be turned…
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Nov 6, 2025 2:19 PM

Tags: ai, attack, botnet, crime, cybercrime, election, flaw, hacker, Internet, malware, organized, scam, service, tool

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.The result is a global system where every digital weakness can be turned…
Multiple Django Flaws Could Allow SQL Injection and DenialService Attacks

Nov 6, 2025 11:19 AM

Tags: attack, cyber, flaw, injection, service, sql, vulnerability

The Django development team has released critical security patches addressing two significant vulnerabilities that could expose applications to denial-of-service attacks and SQL injection exploits. The security releases for Django 5.2.8, 5.1.14, and 4.2.26 were published on November 5, 2025, in accordance with Django’s standard security release policy. The two disclosed vulnerabilities pose different levels of…
Google Issues Emergency Chrome Update to Fix Critical RCE Flaw

Nov 6, 2025 7:19 AM

Tags: browser, chrome, cyber, flaw, google, rce, remote-code-execution, update

Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on…
HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks

Nov 6, 2025 7:19 AM

Tags: attack, chatgpt, cyber, cybersecurity, data, flaw, malicious, openai, vulnerability

Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users who interact with large language models daily, raising significant concerns about the safety of AI.…
HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks

Nov 6, 2025 7:19 AM

Tags: attack, chatgpt, cyber, cybersecurity, data, flaw, malicious, openai, vulnerability

Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users who interact with large language models daily, raising significant concerns about the safety of AI.…
Unpatched Windows Flaw a Boon for Nation-State Hackers

Nov 6, 2025 1:19 AM

Tags: china, exploit, flaw, hacker, korea, microsoft, north-korea, vulnerability, windows

Chinese Hackers Target European Diplomats with LNK File Flaw. Chinese nation-state hackers are exploiting a Windows vulnerability to hack European diplomatic outposts, say security researchers – but operating system giant Microsoft says the flaw doesn’t merit a patch. Hackers used a flaw already compromised by North Korea and Russia. First seen on govinfosecurity.com Jump to…
Microsoft Teams Flaws Let Hackers Impersonate Executives

Nov 5, 2025 8:23 PM

Tags: flaw, hacker, microsoft

Researchers found Microsoft Teams bugs letting attackers spoof executives, alter messages, and erode trust in workplace communication. The post Microsoft Teams Flaws Let Hackers Impersonate Executives appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-social-engineering-flaw/
CISA warns of critical CentOS Web Panel bug exploited in attacks

Nov 5, 2025 8:23 PM

Tags: attack, cisa, cybersecurity, exploit, flaw, infrastructure, threat

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-critical-centos-web-panel-bug-exploited-in-attacks/
Severe React Native Flaw Exposes Developer Systems to Remote Attacks

Nov 5, 2025 6:19 PM

Tags: attack, flaw, rce, remote-code-execution, update, vulnerability

JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw. First seen on hackread.com Jump to article: hackread.com/react-native-flaw-exposes-developer-remote-attacks/
Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks

Nov 5, 2025 5:19 PM

Tags: attack, cve, flaw, linux, macOS, open-source, remote-code-execution, vulnerability, windows

A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million times every week by developers building cross-platform applications. Tracked as CVE-2025-11953, this flaw allows unauthenticated remote code execution across Windows, macOS, and Linux systems. In practical terms, attackers can execute arbitrary commands on a developer’s machine…
React Vulnerability Endangers Millions of Downloads

Nov 5, 2025 5:19 PM

Tags: flaw, vulnerability

A critical React Native flaw exposes millions of developers to remote code attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/react-vulnerability-endangers-millions-of-downloads/
AMD red-faced over random-number bug that kills cryptographic security

Nov 5, 2025 4:19 PM

Tags: exploit, flaw

Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way First seen on theregister.com Jump to article: www.theregister.com/2025/11/05/amd_promises_to_fix_chips/