22.11.2025

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

The Hacker News 22.11.2025 06:45
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated

FCC reversal removes federal cyber safeguards targeting telecom weaknesses post-Salt Typhoon attacks

CSO Online 22.11.2025 00:46
The US federal government is rolling back mandates intended to protect critical infrastructure following the widespread Salt Typhoon attacks.
The Federal Communications Commission (FCC) has reversed a January 2025 Declaratory Ruling requiring US telecom providers to adopt and certify stricter cybersecurity measures. The ruling took effect under the Communications Assistance for Law Enforcement Act (CALEA), which requires telecom providers and manufacturers to design their services and equipment in a way that allows for surveillance when legally requested by law enforcement.

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

The Hacker News 21.11.2025 15:40
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.
The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First

Ransomware gangs seize a new hostage: your AWS S3 buckets

CSO Online 21.11.2025 11:46
Ransomware operators are shifting their focus from traditional on-premises targets to cloud storage services, especially S3 buckets used by Amazon Web Services (AWS), cybersecurity researchers have warned.
A recent Trend Micro report outlined a new wave of attacks, where attackers integrate with cloud-native encryption and key management services rather than merely stealing or deleting data.

Security vulnerabilities: Attackers can take down SonicWall SonicOS SSLVPN

Heise Security 21.11.2025 08:49
Security updates close vulnerabilities in SonicWall Email Security and SonicOS SSLVPN.

After major cyberattack: US securities regulator drops lawsuit against Solarwinds

Heise Security 21.11.2025 08:10
The SEC went to court because Solarwinds allegedly misled its own investors before a devastating cyberattack. Now it is backing down.