#vulnerability

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an

Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands.

## Description A critical path traversal vulnerability (CWE-22) has been identified in the `review_paper` function in `backend/app.py`. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. ## Impact This vulnerability allows attackers to: - Read any PDF file accessible to the server process - Potentially access sensitive documents outside the intended directory - Perform reconnaissance on the server's file system structure ## Vulnerable Code The issue occurs in the `review_paper` function around line 744: ```python if pdf_path.startswith("/api/files/"): # Safe path handling for API routes relative_path = pdf_path[len("/api/files/"):] generated_base = os.path.join(project_root, "generated") absolute_pdf_path = os.path.join(generated_base, relative_path) else: absolute_pdf_path = pdf_path # VULNERABLE: Direct use of user input ``` ## Proof of Concept ``...

Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge.

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.

London, United Kingdom, 11th August 2025, CyberNewsWire

The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files. "When extracting a file,

Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News. The