Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has issued urgent security updates for a critical vulnerability in its SCIM provisioning feature, carrying a maximum CVSS score of 10.0. This flaw (CVE-2025-41115) could allow attackers to escalate privileges or impersonate users, especially in Grafana versions 12.x where SCIM provisioning is active, leading to a newly provisioned user being treated as an existing…
-
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS score of 9.8, allows remote attackers to bypass authentication and gain unauthorized access, posing a significant risk of complete system compromise to affected versions.
-
Cabinet does not yet want to block takeover of cloud company Solvinity
The Dutch cabinet is reviewing a potential acquisition of cloud company Solvinity, which handles critical services like DigiD. Demissionary Minister Frank Rijkaart noted concerns but stated it’s too soon to block the deal, initiating a full investigation into the implications. Solvinity’s vital infrastructure supports key government systems, prompting questions from the House of Representatives. The…
-
Google: Data of two hundred Salesforce customers stolen via Gainsight apps
A major cyberattack has resulted in the theft of data from over 200 Salesforce customers, stemming from compromised Gainsight applications. The group claiming responsibility is known as “Scattered Lapsus$ Hunters,” also identified as UNC6040 by Google’s Mandiant team.
-
Bugcrowd Buys Mayhem Security for AI Hacking
Bugcrowd acquires Mayhem Security, an AI and cyber scaleup. This merger boosts ethical hacking with AI-powered testing. Mayhem’s AI platform offers continuous security testing. The collaboration aims to shrink attack surfaces and pre-empt risks.
-
Cloudflare Outage Disrupts X, ChatGPT
Cloudflare outage on November 18 disrupted major internet platforms globally. X (formerly Twitter) and ChatGPT were affected. Cloudflare investigated and resolved the widespread issue.
-
AI-Based Obfuscated Malware Evades AV Detection
Malicious Android applications use AI-powered obfuscation to bypass antivirus detection. These apps mimic delivery services, steal user data, and employ sophisticated evasion techniques. Security analysts identified advanced obfuscation, making reverse engineering difficult.
-
Grafana Patches Critical SCIM Flaw
Grafana has patched a critical security flaw, CVE-2025-41115, in its SCIM component. This vulnerability could lead to user impersonation or privilege escalation in affected Grafana Enterprise versions. Users are advised to update immediately.
-
ThinPLUS OS Command Injection Vulnerability (CVE-2025-13284)
A critical OS Command Injection vulnerability (CVE-2025-13284) in ThinPLUS allows unauthenticated remote attackers to execute arbitrary commands, posing significant risks to system integrity. TWCERT/CC urges immediate patching.
-
CVE-2025-8855: 2FA Bypass in Brokerage Automation
CVE-2025-8855 is a critical 2FA bypass vulnerability in Optimus Software’s Brokerage Automation platform. It combines authorization bypass, weak password recovery, and authentication bypass flaws, leading to high-severity risks and unauthorized access.