Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has issued urgent security updates for a critical vulnerability in its SCIM provisioning feature, carrying a maximum CVSS score of 10.0. This flaw (CVE-2025-41115) could allow attackers to escalate…
1–2 minutes -
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager (CVE-2025-52054). This flaw, with a CVSS…
2–3 minutes -
Cabinet does not yet want to block takeover of cloud company Solvinity
The Dutch cabinet is reviewing a potential acquisition of cloud company Solvinity, which handles critical services like DigiD. Caretaker Minister Frank Rijkaart noted concerns but stated it’s too soon to…
1–2 minutes -
Google: Data of two hundred Salesforce customers stolen via Gainsight apps
A major cyberattack has resulted in the theft of data from over 200 Salesforce customers, stemming from compromised Gainsight applications. The group claiming responsibility is known as “Scattered Lapsus$ Hunters,”…
1–2 minutes -
Bugcrowd Buys Mayhem Security for AI Hacking
Bugcrowd acquires Mayhem Security, an AI and cyber scaleup. This merger boosts ethical hacking with AI-powered testing. Mayhem’s AI platform offers continuous security testing. The collaboration aims to shrink attack…
2–3 minutes -
Cloudflare Outage Disrupts X, ChatGPT
Cloudflare outage on November 18 disrupted major internet platforms globally. X (formerly Twitter) and ChatGPT were affected. Cloudflare investigated and resolved the widespread issue.
1–2 minutes -
AI-Based Obfuscated Malware Evades AV Detection
Malicious Android applications use AI-powered obfuscation to bypass antivirus detection. These apps mimic delivery services, steal user data, and employ sophisticated evasion techniques. Security analysts identified advanced obfuscation, making reverse…
1–2 minutes -
Grafana Patches Critical SCIM Flaw
Grafana has patched a critical security flaw, CVE-2025-41115, in its SCIM component. This vulnerability could lead to user impersonation or privilege escalation in affected Grafana Enterprise versions. Users are advised…
1–2 minutes -
ThinPLUS OS Command Injection Vulnerability (CVE-2025-13284)
A critical OS Command Injection vulnerability (CVE-2025-13284) in ThinPLUS allows unauthenticated remote attackers to execute arbitrary commands, posing significant risks to system integrity. TWCERT/CC urges immediate patching.
2–3 minutes -
CVE-2025-8855: 2FA Bypass in Brokerage Automation
CVE-2025-8855 is a critical 2FA bypass vulnerability in Optimus Software’s Brokerage Automation platform. It combines authorization bypass, weak password recovery, and authentication bypass flaws, leading to high-severity risks and unauthorized…
3–4 minutes




