
38619 matches found

OSV
added 2025/11/06 1:14 p.m. | 0 views

SUSE-SU-2025:3976-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks bsc1252379...

8.6 CVSS | 6.4 AI score | 0.00005 EPSS
Exploits 1 | References 3

Malwarebytes
added 2025/11/06 10:29 a.m. | 6 views

Cyberattacks on UK water systems reveal rising risks to critical infrastructure

Digital intruders have been targeting UK drinking water systems in what seems to be a growing risk. Recorded Future News sent a request to the UK's Drinking Water Inspectorate DWI, the organization responsible for ensuring that drinking water is safe, for details on cyberattacks affecting the...

6.2 AI score
Exploits 0

NVD
added 2025/11/05 7:16 p.m. | 7 views

CVE-2025-5770

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1 CVSS | 0.00026 EPSS
Exploits 0 | References 1

Cvelist
added 2025/11/05 7:2 p.m. | 8 views

CVE-2025-5770 Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1 CVSS | 0.00026 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/11/05 12:0 a.m. | 2 views

CVE-2025-63417

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

4.6 AI score | 0.00053 EPSS
Exploits 1 | References 1

Oracle linux
added 2025/11/05 12:0 a.m. | 5 views

bind9.16 security update

32:9.16.23-0.22.4 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778 - Replace downstream fixes with upstream changes 32:9.16.23-0.22.3 - Update addresses of b.root-servers.net RHEL-18449...

8.6 CVSS | 6.9 AI score | 0.00025 EPSS
Exploits 1

Positive Technologies
added 2025/11/05 12:0 a.m. | 4 views

PT-2025-45157

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...

6.1 CVSS | 5.7 AI score | 0.00026 EPSS
Exploits 0 | References 5

EUVD
added 2025/11/05 12:0 a.m. | 3 views

EUVD-2025-37918

A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

4.5 AI score | 0.00053 EPSS
Exploits 1 | References 2

OSV
added 2025/11/04 5:16 p.m. | 4 views

CVE-2025-54863

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 2

The Hacker News
added 2025/11/04 2:0 p.m. | 5 views

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications,"...

6.5 CVSS | 6.7 AI score | 0.11093 EPSS
Exploits 0

Malwarebytes
added 2025/11/04 12:51 p.m. | 6 views

“Sneaky” new Android malware takes over your phone, hiding in fake news and ID apps

Researchers at Cyfirma have investigated Android Trojans capable of stealing sensitive data from compromised devices. The malware spreads by pretending to be trusted apps—like a news reader or even digital ID apps—tricking users into downloading it by accident. In reality, it’s Android-targeting...

6.9 AI score
Exploits 0

The Hacker News
added 2025/11/03 12:56 p.m. | 23 views

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky...

10 CVSS | 9.3 AI score | 0.94436 EPSS
Exploits 89

RedHat Linux
added 2025/11/03 3:14 a.m. | 4 views

kernel: ipv6: sr: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7 CVSS | 5.6 AI score | 0.00035 EPSS
Exploits 0 | References 5

Packet Storm News
added 2025/11/03 12:0 a.m. | 4 views

Characterizing Build Compromises through Vulnerability Disclosure Analysis

The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component systems source code, dependencies, build tools, the difficult...

7.2 AI score
Exploits 0

Packet Storm
added 2025/11/03 12:0 a.m. | 136 views

📄 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery

ClipBucket version 5.5.2 Build 90 suffers from a server-side request forgery vulnerability. Exploit Title: ClipBucket 5.5.2 Build 90 - Server-Side Request Forgery SSRF Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Softwa...

6.5 CVSS | 7.1 AI score | 0.0387 EPSS
Exploits 4

The Hacker News
added 2025/11/01 1:43 p.m. | 9 views

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate ASD has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 CVSS...

10 CVSS | 7.1 AI score | 0.94013 EPSS
Exploits 25

RedhatCVE
added 2025/11/01 12:4 p.m. | 3 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

5.4 CVSS | 6.5 AI score | 0.00028 EPSS
Exploits 0 | References 1

AstraLinux
added 2025/11/01 10:54 a.m. | 1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

IEEE P802.11-REVme D1.1 through D7.0 allow FragAttacks against mesh networks. In mesh networks that use Wi-Fi Protected Access WPA, WPA2, or WPA3 or Wired Equivalent Privacy WEP, an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP...

9.1 CVSS | 5.6 AI score | 0.00191 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/11/01 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2025:3903-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3903-1 advisory. Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found...

8.6 CVSS | 6.5 AI score | 0.00071 EPSS
Exploits 1 | References 10

SUSE Linux
added 2025/10/31 5:8 p.m. | 6 views

Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.15: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number...

9.2 CVSS | 7 AI score | 0.00071 EPSS
Exploits 1 | References 12