Security

Development

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

September 14, 2025

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when…

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

September 14, 2025

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal Source: Read More

Development

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

September 14, 2025

The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with…

Development

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

September 13, 2025

Over half of insider cyber incidents in UK schools are being caused by students—a trend raising alarms across education, regulation,…

Development

FTC Probes AI Chatbots Designed as “Companions” for Children’s Safety

September 13, 2025

The U.S. Federal Trade Commission has opened a formal inquiry into AI chatbots that act like companions—designed to mimic emotions,…

Development

Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage

September 13, 2025

The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default…

Development

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

September 13, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso…

Development

ASEAN Adopts 10-Year Action Plan to Combat Rising Cybercrime Threat

September 13, 2025

Cybercrime and online scams have officially overtaken traditional threats as the primary regional security concern for the Association of Southeast…

Development

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

September 13, 2025

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the…

Development

Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms

September 13, 2025

Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team…

Development

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

September 13, 2025

Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has…

Development

CISA Warns of Attacks on DELMIA Manufacturing Software Vulnerability

September 13, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its Known Exploited…

Development

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

September 12, 2025

Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM)…

Are cybercriminals hacking your systems – or just logging in?

September 12, 2025

As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own…

Development

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

September 12, 2025

Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to…

Development

Cracking the Boardroom Code: Helping CISOs Speak the Language of Business

September 12, 2025

CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack.…

Development

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

September 12, 2025

Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7…

Development

Australia Warns of Ransomware Attacks Exploiting SonicWall VPN Flaw CVE-2024-40766

September 12, 2025

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an urgent alert regarding active exploitation of a…

Development

FTC Urged to Investigate Microsoft on Outdated RC4 Encryption and Kerberoasting Flaws

September 12, 2025

A fresh firestorm has erupted over Microsoft’s handling of cybersecurity risks, with U.S. Senator Ron Wyden (D-OR) calling on the…

Development

SAP Issues Critical Security Patch for NetWeaver and Other Products, Warns of CVE-2025-42944

September 12, 2025

SAP has released a new security update addressing a broad range of vulnerabilities across its product ecosystem. Among the most…

Highlights

CVE-2025-43586 – Adobe Commerce Privilege Escalation Vulnerability

June 10, 2025

CVE ID : CVE-2025-43586

Published : June 10, 2025, 4:15 p.m. | 1 hour, 25 minutes ago

Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…